Cuma 70 Install Admin

Installation and Administration Guide for Cisco Unified Mobility Advantage
Release 7.0 Revised Date: October 27, 2009
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Installation and Administration Guide for Cisco Unified Mobility Advantage 2008-2009 Cisco Systems, Inc. All rights reserved.
CH A P T E R
Preparing to Install or Upgrade Cisco Unified Mobility Advantage

Revised Date: April 17, 2009
Before you install Cisco Unified Mobility Advantage or upgrade from Release 3.x, perform the following preinstallation procedures and gather the required information. For upgrades from Release 7.0(1), you do not need to change or add to existing settings unless you are adding or changing functionality or enterprise servers. Order of Installation, Upgrade, and Configuration Tasks, page 1-1 Tasks with Long Lead Times, page 1-2 Cisco Unified Mobility Advantage in the Network, page 1-2 Obtaining IP Addresses and DNS Names from IT, page 1-3 Opening Firewall Ports, page 1-5 Your Network and Related Servers Must Be Functioning Properly, page 1-6 Preparing Information Required for Installation and Configuration
Order of Installation, Upgrade, and Configuration Tasks

For new installations of Cisco Unified Mobility Advantage Release 7.x: Follow the order of the chapters in this book through the chapter on the Configuration Wizard, except where noted. For example, all procedures required to configure the Cisco Adaptive Security Appliance are near the beginning of the book, in Chapter 2, Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage. However, although you should start configuring the Cisco Adaptive Security Appliance before you install and configure Cisco Unified Mobility Advantage, you cannot complete the Cisco Adaptive Security Appliance setup until after you have installed, configured, and started Cisco Unified Mobility Advantage, and this fact is noted in the appropriate sections. After you complete the Configuration Wizard, follow the remaining operations specified at the end of that chapter. After you install and configure Release 7.0(1), upgrade to Release 7.0(2). For upgrades from Cisco Unified Mobility Advantage Release 7.0(1) to Release 7.0(2):
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-1
Chapter 1 Tasks with Long Lead Times
Follow the instructions in Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19. For upgrades from Cisco Unified Mobility Advantage Release 3.x to Release 7.0(1): Follow the instructions in Chapter 5, Upgrading Cisco Unified Mobility Advantage. Links will take you to topics throughout the document as needed.
Related Topics

Chapter 7, Using the Configuration Wizard in Cisco Unified Mobility Advantage Chapter 5, Upgrading Cisco Unified Mobility Advantage
Tasks with Long Lead Times

Some preinstallation requirements have relatively long lead times. We recommend starting the following processes early:

Obtaining IP addresses Opening ports in firewalls. Obtaining a signed SSL certificate for the Cisco Adaptive Security Appliance.
Related Topics

Obtaining IP Addresses and DNS Names from IT, page 1-3 Opening Firewall Ports, page 1-5 Required and Recommended Signed Certificates, page 9-2
Cisco Unified Mobility Advantage in the Network

The illustration below shows how Cisco Unified Mobility Advantage works in the network.

Cisco Unified Mobility Advantage is deployed behind the enterprise firewall and serves as the integration point for all enterprise services. A Cisco Adaptive Security Appliance (ASA) serves as proxy server for communications between clients and server. Cisco Unified Mobile Communicator communicates with Cisco Unified Mobility Advantage through the Cisco Adaptive Security Appliance. Cisco Unified Communications Manager provides Cisco Unified Mobility features such as unified voice messaging, MobileConnect, and Dial via Office, as well as call log management. Cisco Unified Presence supplies availability status and some contact list management. Cisco Unity or Cisco Unity Connection provides visual Voicemail.
Your network must provide IP connectivity between:

Cisco Unified Mobile Communicator and the Cisco Adaptive Security Appliance The Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage Cisco Unified Mobility Advantage and the Enterprise Services
1-2
Chapter 1
Preparing to Install or Upgrade Cisco Unified Mobility Advantage Obtaining IP Addresses and DNS Names from IT
If your Information Technology department requires information about data flows, see the Appendix.
Figure 1-1 Cisco Unified Mobility Advantage Architecture
Enterprise Services
MMP/SSL/TLS
Cisco Adaptive Security Appliance with TLS Proxy MMP/SSL/TLS
Firewall
Mobile Data Network (GPRS Data Channel)
Active Directory Exchange
Cisco Unified Presence
Cisco Unified Mobile Communicator PSTN
Cisco Unified Mobility Advantage
Voice mail
MP
Conferencing Cisco Unified Communications Manager

205259
Voice Channel
Obtaining IP Addresses and DNS Names from IT

You must obtain the necessary IP addresses and DNS host names before you can configure the Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage.
Procedure
Step 1
Obtain the following IP addresses and DNS hostnames from your IT department:
1-3
Chapter 1 Obtaining IP Addresses and DNS Names from IT
Required IP Addresses and Host Names
Your Value
Externally-accessible IP address and its corresponding externally-visible DNS IP Address: name. This IP address or host name serves as the following:

Host Name:
The Cisco Adaptive Security Appliance outside (external) interface The fully qualified domain name (FQDN) on the signed certificate that resides on the Cisco Adaptive Security Appliance. You will obtain this certificate when you configure the Cisco Adaptive Security Appliance. The world-routable IP address for the Cisco Unified Mobility Advantage server. The Proxy Host Name to which Cisco Unified Mobile Communicator clients will connect. The value you will enter into the Proxy Host Name field in Cisco Unified Mobility Advantage Admin Portal under System Management > Network Properties.
You will configure NAT rules to translate this IP address to the private IP address of the Cisco Unified Mobility Advantage server. IP address that serves as both of the following:
IP Address:
The Cisco Adaptive Security Appliance inside (internal) interface. This is the source address for Cisco Adaptive Security Appliance to connect to Cisco Unified Mobility Advantage. Shared IP address for consolidating client communications for passing to Cisco Unified Mobility Advantage.
Private IP address for the server on which Cisco Unified Mobility Advantage is IP Address: installed. DNS host name for this server. Host Name
Step 2
Print this section and note the values in Your Value column of the table. You will need this information for configuration. Verify that each DNS host name resolves to its associated IP address.
Step 3
Related Topics

About Cisco Adaptive Security Appliance Deployment Options, page 2-2 How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8
1-4
Chapter 1
Preparing to Install or Upgrade Cisco Unified Mobility Advantage Opening Firewall Ports
Opening Firewall Ports

The figure below illustrates the required communication paths through the corporate firewalls. Cisco Unified Mobility Advantage Release 7.x restricts the communication port ranges for security reasons. The required bidirectional ports must be open. If you are upgrading from Release 3.1.2, port requirements are different in Release 7.x than in Release 3.1.2, so your communication ports (in the Admin Portal, in System Management > Network Properties) will be set during the upgrade to the default values indicated in the table in this section. You may need to have your IT department open new ports in the firewalls.
DMZ Outer firewall Inner firewall Provisioning port (HTTP) Client connection port (TCP/TLS) Provisioning port Client connection port Cisco Adaptive Security Appliance proxy server
Cisco Unified Mobile Communicator
Procedure
Step 1
Ask your IT security administrator to open the following bidirectional ports in the specified ranges: Port Proxy Client Connection Port (TCP) Range Default Your Value
Firewall Outer firewall
Purpose The Cisco Adaptive Security Appliance communicates with the Cisco Unified Mobile Communicator client using these ports.
Proxy Client Download Port (HTTP)
Inner firewall Cisco Unified Mobility Client Connection Port (TCP) Advantage communicates with the Cisco Adaptive Security Client Download Port (HTTP) Appliance using these ports.
5400-5500 9000-9100
5443 9080
205153
Cisco Unified Mobility Advantage
1-5
Chapter 1 Your Network and Related Servers Must Be Functioning Properly
Step 2
Print this section and note the opened port numbers that you receive from IT in the Your Value column of the table. You will need this information for configuration.
Related Topics
Configuring Server Setup Network Configuration, page 7-21.
Your Network and Related Servers Must Be Functioning Properly

Before you install or upgrade Cisco Unified Mobility Advantage, the environment into which you will deploy it must be configured and working correctly. Configure switches and routers and verify that the other enterprise servers are reachable from the network location where Cisco Unified Mobility Advantage is installed. Cisco Unified Communications Manager should be able to route calls, and voicemail and presence must be functioning properly before you add Cisco Unified Mobility Advantage to the network. Cisco Unified Mobility Advantage cannot operate, and troubleshooting will be far more difficult, if the underlying network and dependencies are not functioning properly.
Preparing Information Required for Installation and Configuration

Gather and record information required for installation and configuration.
Before You Begin
Print the following sections of this book so that you can complete the tables with required values for your deployment:
Obtaining IP Addresses and DNS Names from IT, page 1-3 Opening Firewall Ports, page 1-5 Chapter 6, Installing Cisco Unified Mobility Advantage (For new installations) Information in Chapter 7, Using the Configuration Wizard in
Cisco Unified Mobility Advantage for the enterprise servers you will deploy.
(For upgrades from Release 3.x) Information in Appendix A, Page References: Enterprise
Adapter Settings in Cisco Unified Mobility Advantage for the enterprise servers you will deploy.
Review the guidelines for the application dialing rules and directory lookup settings you will need to configure:
Application Dialing Rules, page 3-6 Recommended Directory Lookup Settings, page 3-7
1-6
Chapter 1
Preparing to Install or Upgrade Cisco Unified Mobility Advantage Preparing Information Required for Installation and Configuration
Procedure
Step 1
Learn your IT information security requirements, if any, for connections between servers inside the firewall:

Can connections be TCP (nonsecure)? Or must they be TLS or SSL (secure)? If connections must be secure, what certificates must Cisco Unified Mobility Advantage provide?
Step 2 Step 3 Step 4
Gather the required information based on the tables in the sections you printed. Note your values in the tables so that you can refer to them as you install and configure Cisco Unified Mobility Advantage. Work with your Cisco Unified Communications Manager administrator to determine the application dialing rules and directory lookup rules you will need to configure.
Related Topics
Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage
1-7
Chapter 1 Preparing Information Required for Installation and Configuration
1-8
CH A P T E R
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage
Revised Date: October 27, 2009
A Cisco Adaptive Security Appliance (ASA) is required for new installations and for upgrades, to provide secure connections to the Cisco Unified Mobility Advantage server.
Note
For upgrades from Release 3.x, the Cisco Adaptive Security Appliance replaces the Proxy Server in Cisco Unified Mobility Advantage Release 3.x. This chapter provides instructions for a basic configuration. Cisco Adaptive Security Appliance Documentation, page 2-2 About Cisco Adaptive Security Appliance Deployment Options, page 2-2 Using the Cisco Adaptive Security Appliance Command-Line Interface, page 2-4 Configuring the Inside and Outside Interfaces Using the Command-Line Interface, page 2-5 Specifying NAT Rules, page 2-5 Setting Static Routes, page 2-7 Allowing Traffic Through to the Cisco Unified Mobility Advantage Server, page 2-7 How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8 Setting up the TLS Proxy, page 2-15 Defining MMP Inspection, page 2-15 Testing Your Cisco Adaptive Security Appliance Configuration, page 2-16 Troubleshooting the Cisco Adaptive Security Appliance, page 2-16
2-1
Chapter 2 Cisco Adaptive Security Appliance Documentation
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility
Cisco Adaptive Security Appliance Documentation

For complete information on configuring Cisco Adaptive Security Appliance, see the Cisco Adaptive Security Appliance documentation, including:
The Cisco ASA 5580 Adaptive Security Appliance Command Line Configuration Guide, Version 8.0. This book has a chapter on Configuring Cisco Unified Communications Proxy Features as well as useful information about configuring certificates and trustpoints. Cisco Unified Mobility Advantage may be referred to as Cisco UMA. Cisco Unified Mobile Communicator may be referred to as Cisco UMC. The Cisco Security Appliance Command Reference for version 8.0(4).
Find Cisco Adaptive Security Appliance documentation at http://cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html.
About Cisco Adaptive Security Appliance Deployment Options

In this deployment, the Cisco Adaptive Security Appliance has two interfaces, one internal-facing and one external-facing. These two interfaces must be connected to two different subnets (or VLANs) within the DMZ. Cisco Unified Mobile Communicator clients send requests to a world-routable IP address for the Cisco Unified Mobility Advantage server in subnet 1 of the DMZ. The DMZ gateway sends this request to the Cisco Adaptive Security Appliance. The Cisco Adaptive Security Appliance translates the IP address to the private IP address of the Cisco Unified Mobility Advantage server in the intranet. The Cisco Adaptive Security Appliance also translates all client source IP addresses coming from outside the network to a shared client IP address in subnet 2 of the DMZ, in order to route communications between the client and Cisco Unified Mobility Advantage. The Cisco Adaptive Security Appliance can be installed on your network in one of two ways:

Cisco Adaptive Security Appliance Installed as a Firewall, page 2-2 Cisco Adaptive Security Appliance Installed as a Proxy Server Only, page 2-3
Cisco Adaptive Security Appliance Installed as a Firewall

Figure 2-1 shows Cisco Adaptive Security Appliance as a firewall.
2-2
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage About Cisco Adaptive Security Appliance Deployment Options
Figure 2-1
Cisco Adaptive Security Appliance Installed as a Firewall
Enterprise Services
MMP/SSL/TLS
IP Address: 10.1.1.2 Port: 5443 Cisco Adaptive Security Appliance with TLS Proxy
Firewall
Mobile Data Network (GPRS Data Channel)
Active Directory Exchange
Cisco Unified Presence
MMP/SSL/TLS Hostname: cuma.example.com IP Address: 192.0.2.140 Port: 5443 Voice mail
Cisco Unified Mobile Communicator PSTN
IP Address: Cisco Unified Mobility 10.1.1.1 Advantage
MP
Conferencing Cisco Unified Communications Manager

205201
Voice Channel
Cisco Adaptive Security Appliance Installed as a Proxy Server Only

You can install the Cisco Adaptive Security Appliance in the DMZ to act solely as a proxy server. Configurations in this chapter are based on this option. Figure 2-2 shows an example of this process.
2-3
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Using the Cisco Adaptive Security Appliance Command-Line Interface
Figure 2-2
Cisco Adaptive Security Appliance Installed in the DMZ as Proxy Only
Client connects to cuma.example.com (192.0.2.41) Cisco Unified Mobile Communicator
Internet
ISP Gateway
Corporate Firewall
DMZ
Internal Network IP Address: 172.16.27.41 (DMZ routable) 192.0.2.41 outside 10.1.1.2 inside Active Directory Cisco Unified Mobility Advantage
M
Cisco Adaptive Security Appliance with TLS Proxy
Cisco Unified Communications Manager
Exchange Cisco Unified Presence Enterprise Network
MP
Conferencing
205202
Voice mail
Using the Cisco Adaptive Security Appliance Command-Line Interface

Configurations in this chapter use the Cisco Adaptive Security Appliance command line interface.
Procedure
Step 1 Step 2
Open an SSH or HyperTerminal session. Enter the following commands to access all configuration commands: enable
2-4
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Configuring the Inside and Outside Interfaces Using the Command-Line Interface
(no password) configure terminal
Configuring the Inside and Outside Interfaces Using the Command-Line Interface
Before You Begin
Obtain necessary IP addresses. See Obtaining IP Addresses and DNS Names from IT, page 1-3.
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Enter show run to see the list of interfaces for your Cisco Adaptive Security Appliance model. For example, Cisco Adaptive Security Appliance 5505 calls the interfaces Vlan1 and Vlan2. For Cisco Adaptive Security Appliance 5520 and 5550, the interface name format is GigabitEthernetX/Y.
Step 3
Assign the IP address to the inside interface: interface <inside interface name for your Cisco Adaptive Security Appliance model> nameif inside security-level 100 ip address <IP address of inside interface; in this example 10.1.1.2> <subnet mask>
Step 4
Assign the IP address to the outside interface: interface <outside interface name for your Cisco Adaptive Security Appliance model> nameif outside security-level 0 ip address <IP address of outside interface; in this example 192.0.2.41> <subnet mask>
Specifying NAT Rules

This section is required only if your Cisco Adaptive Security Appliance is configured solely as a proxy server. Skip this section if your Cisco Adaptive Security Appliance is configured as a firewall. This solution helps secure your internal servers by shielding their real IP addresses and open port numbers from direct external access by allowing external access only to proxy IP addresses and port numbers. Network Address Translation (NAT) and Port Address Translation (PAT) rules translate these public addresses and ports to private addresses and ports. Configure the following rules for this solution:
Translate the public IP address and ports of your Cisco Unified Mobility Advantage server to the private IP address and ports.
2-5
Chapter 2 Specifying NAT Rules
Create a dynamic NAT rule to translate the source IP address of any Cisco Unified Mobile Communicator client to a single IP address that is allowed through the internal firewall. Cisco Unified Mobility Advantage sends responses back to the same IP address.
For example: The client connects to the world-routable IP address of the Cisco Unified Mobility Advantage server: 192.0.2.41. A NAT rule translates this address to the private IP address of the Cisco Unified Mobility Advantage server: 172.16.27.41. Another NAT rule translates communications from all clients to a single IP address that the Cisco Adaptive Security Appliance will use for sending all client communications to the Cisco Unified Mobility Advantage server: 10.1.1.2. For more information about NAT and PAT, see the configuration documentation for your Cisco Adaptive Security Appliance.
Before You Begin
Make sure that the necessary ports in the firewalls are open. See Opening Firewall Ports, page 1-5.
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Translate all client IP addresses to a single source IP address for routing through the firewall to Cisco Unified Mobility Advantage: global (<inside interface name>) <nat_id> <shared ip address to which all client ip addresses will be translated> netmask <subnet mask> nat (<outside interface name>) 1 0 0 outside Note that because the IP address that all clients share is the same as the inside interface, you can use interface instead of specifying the IP address. Example: global (inside) 1 interface nat (outside) 1 0.0.0.0 0.0.0.0 outside Translate the world-routable IP address of the Cisco Unified Mobility Advantage server to the private IP address of the Cisco Unified Mobility Advantage server:
static (<inside interface name,outside interface name>) tcp <world routable ip address of Cisco Unified Mobility Advantage server> <proxy client connection port> <private IP address of Cisco Unified Mobility Advantage server> <client connection port> netmask <subnet mask> static (<inside interface name,outside interface name>) tcp <world routable ip address of Cisco Unified Mobility Advantage server> <proxy client download port> <private IP address of Cisco Unified Mobility Advantage server> <client download port> netmask <subnet mask>
Step 3
Note that because the world-routable IP address of the Cisco Unified Mobility Advantage server is the same as the outside interface, you can use interface instead of specifying the IP address. Example: static (inside,outside) tcp interface 5442 172.16.27.41 5443 netmask 255.255.255.255
2-6
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Setting Static Routes
static (inside,outside) tcp interface 9079 172.16.27.41 9080 netmask 255.255.255.255
Setting Static Routes

If your network architecture has the Cisco Adaptive Security Appliance installed as a proxy in the DMZ, you must specify static routes to the default gateways for the inside and outside interfaces.
Note
If your Cisco Adaptive Security Appliance is installed as a firewall, you do not need to set a static route. You may need to set two static routes, one to the default gateway of the subnet to which Cisco Adaptive Security Appliance is connected through its outside interface, and one to the default gateway to which Cisco Adaptive Security Appliance is connected through its inside interface. This is especially true if the private IP address of Cisco Unified Mobility Advantage is in a different network (for example, the internal corporate network) from the Cisco Adaptive Security Appliance server (for example, a DMZ network).
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Specify a static route to the default gateway for each interface: route <outside interface name> 0.0.0.0 0.0.0.0 <ip address of the default gateway of the outside subnet> 1 route <inside interface name> <private ip address of the Cisco Unified Mobility Advantage server> <netmask> <ip address of the default gateway of the inside subnet> 1 Example: route outside 0 0 10.10.10.1 1 route inside 192.168.1.0 255.255.255.0 10.1.1.1 1
Allowing Traffic Through to the Cisco Unified Mobility Advantage Server

Create access lists to allow traffic through to the Cisco Unified Mobility Advantage server.
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Allow traffic through: access-list <id> extended permit tcp any host <world routable ip address of Cisco Unified Mobility Advantage server> eq <proxy client connection port>
2-7
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
access-list <id> extended permit tcp any host <world routable ip address of Cisco Unified Mobility Advantage server> eq <proxy client download port> access-group <id> in interface <name of outside interface> Example: access-list permit_cuma extended permit tcp any host <cuma proxy ip> eq 5443 access-list permit_cuma extended permit tcp any host <cuma proxy ip> eq 9080 access-group permit_cuma in interface outside
How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
Perform all of these procedures to deploy the required and recommended certificates on and from the Cisco Adaptive Security Appliance. You must perform additional procedures in Cisco Unified Mobility Advantage in conjunction with each of these procedures on the Cisco Adaptive Security Appliance.

How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8 Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12 Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14
How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate

When Cisco Unified Mobile Communicator connects to the Cisco Adaptive Security Appliance, it requires the Cisco Adaptive Security Appliance to present a certificate signed by a recognized Certificate Authority (supported authorities are Verisign and GeoTrust).

(For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8 (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10
(For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate
Use this procedure if you are upgrading and are reusing the signed certificate from the Proxy Server you used with Release 3.1.2.
Restrictions
You can reuse the Proxy Server certificate only if you meet the restrictions detailed in Saving the SSL Certificate from the Proxy Server, page 5-8.
2-8
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
Otherwise, follow the procedure in (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.
Before You Begin
You must upgrade Cisco Unified Mobility Advantage before you can import this certificate. Make sure that you have completed the following pre- and post-upgrade procedures:

Saving the SSL Certificate from the Proxy Server, page 5-8 Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14
Procedure
Step 1
Import the signed certificate to the Cisco Adaptive Security Appliance in PKCS12 format using the import commands: crypto ca import <trustpoint-cuma-signed> pkcs12 <passphrase> [paste the contents of the ssl64.p12 file here] Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Import the intermediate certificate: crypto ca trustpoint <trustpoint-cuma-signed> enrollment terminal crypto ca authenticate <trustpoint-cuma-signed> [paste the contents of the intermediate certificate here] The intermediate certificate is the second certificate in your_pemcert.pem, the PEM file that you created from the file you downloaded from the Cisco Unified Mobility Advantage during the prerequisites for this procedure. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Import the root certificate: crypto ca trustpoint <trustpoint-cuma-root> enrollment terminal crypto ca authenticate <trustpoint-cuma-root> [paste the contents of the root certificate here] The root certificate is the third and last certificate in the PEM file your_pemcert.pem. Include the following lines. Make sure that there are no extra spaces at the end. -BEGIN CERTIFICATE----
Step 2
Step 3
2-9
--END CERTIFICATE----
(For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate
This procedure is required unless you are upgrading from Release 3.1.2 and reusing your signed certificate from your Proxy Server. This procedure has several subprocedures:

Generate a Certificate Signing Request, page 2-10 Submit the Certificate Signing Request to the Certificate Authority, page 2-11 Upload the Signed Certificate to the Cisco Adaptive Security Appliance, page 2-12
Generate a Certificate Signing Request

Before You Begin

Obtain the IP address and fully qualified domain name for the Proxy Host Name as specified in Obtaining IP Addresses and DNS Names from IT, page 1-3. Determine required values for your company or organization name, organizational unit, country, and state or province. See the table in Creating Security Contexts, page 9-7. You must enter identical values in the Cisco Adaptive Security Appliance and in the relevant security context in Cisco Unified Mobility Advantage.
Procedure
Step 1
Enter configuration mode: conf t Generate a key pair for this certificate: crypto key generate rsa label <keypair-cuma-signed> modulus 1024 You will see a Please wait... message; look carefully for the prompt to reappear.
Step 2
Step 3
Create a trustpoint with the necessary information to generate the certificate request: crypto ca trustpoint <trustpoint-cuma-signed> subject-name CN=<Proxy Host Name of the Cisco Unified Mobility Advantage server. Use the Fully Qualified Domain Name.>,OU=<organization unit name>,O=<company or organization name as publicly registered>,C=<2 letter country code>,St=<state>,L=<city> (For requirements for the Company, organization unit, Country, and State values, see the values you determined in the prerequisite for this procedure.) keypair <keypair-cuma-signed> fqdn <Proxy Host Name of the Cisco Unified Mobility Advantage server. This value must exactly match the value you entered for CN above.> enrollment terminal
Step 4
Get the certificate signing request to send to the Certificate Authority: crypto ca enroll <trustpoint-cuma-signed>
2-10
Chapter 2
% Start certificate enrollment. % The subject name in the certificate will be:CN=<Proxy Host Name of the Cisco Unified Mobility Advantage server>,OU=<organization unit name>,O=<organization name>,C=<2 letter country code>,St=<state>,L=<city> % The fully-qualified domain name in the certificate will be: <Proxy Host Name of the Cisco Unified Mobility Advantage server> % Include the device serial number in the subject name? [yes/no]: no % Display Certificate Request to terminal? [yes/no]: yes
Step 5
Copy the entire text of the displayed Certificate Signing Request and paste it into a text file. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Save the text file.
Step 6
What To Do Next
Submit the Certificate Signing Request to the Certificate Authority, page 2-11
Submit the Certificate Signing Request to the Certificate Authority

You can obtain signed certificates for Cisco Unified Mobility Advantage from the following Certificate Authorities: VeriSign and GeoTrust. These certificates are supported because they are generally available on all mobile devices.
Before You Begin

Generate a Certificate Signing Request, page 2-10 Visit the web site of your chosen Certificate Authority to learn about the requirements and procedures for obtaining and deploying a signed 128-bit SSL certificate. If you are unsure which certificate to purchase, contact the Certificate Authority. Information about available certificates is subject to change. Also, check the requirements for extending the certificate so that you maintain the necessary records.
Procedure
Step 1
Visit the Certificate Authority web site and follow their instructions. You will need the CSR you generated above. This process may take up to 24 hours. Wait for the signed certificate to arrive by email. Comply with any instructions that arrive with the certificate. For example, you may need to copy an intermediate certificate from the certificate authority web site.
Step 2 Step 3
2-11
What To Do Next
Upload the Signed Certificate to the Cisco Adaptive Security Appliance, page 2-12
Upload the Signed Certificate to the Cisco Adaptive Security Appliance

Before You Begin

You will need the signed certificate that you requested in Submit the Certificate Signing Request to the Certificate Authority, page 2-11. Follow any deployment instructions from the Certificate Authority. For example, obtain any required intermediate certificate from the Certificate Authority web site.
Tip
If you use a VeriSign certificate, information on obtaining root and intermediate certificates is here: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO4785
Procedure
Step 1
Authenticate the trustpoint by importing the intermediate certificate: crypto ca authenticate <trustpoint-cuma-signed> Paste the contents of the intermediate certificate from the CA authority. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---End with the word quit on a line by itself. Import the signed certificate: crypto ca import <trustpoint-cuma-signed> certificate Paste the contents of the signed certificate from the CA authority. End with the word quit on a line by itself. Add the root certificate: crypto ca trustpoint <trustpoint-cuma-root> enrollment terminal crypto ca authenticate <trustpoint-cuma-root> Paste the contents of the root certificate
Step 2
Step 3
Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage

The Cisco Adaptive Security Appliance requires a certificate in order to trust Cisco Unified Mobility Advantage.
2-12
Chapter 2
The Cisco Adaptive Security Appliance does not automatically trust certificates signed by a recognized certificate signing authority, so perform this procedure even if you deploy a signed certificate on Cisco Unified Mobility Advantage.
Before You Begin

Determine whether a self-signed certificate meets your needs. See options at Required and Recommended Self-Signed Certificates, page 9-3. Install or upgrade Cisco Unified Mobility Advantage. Perform one of the following:
After upgrade from Release 3.1.2, if you did not have a signed certificate on your Managed
Server: See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.
After a new installation: After you complete the Configuration Wizard, perform the procedure
in Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25.
After any installation: Generate a self-signed certificate from Cisco Unified Mobility
Advantage by Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11
Procedure
Step 1 Step 2
Open the self-signed certificate from Cisco Unified Mobility Advantage in WordPad (not Notepad.) Import the certificate into the Cisco Adaptive Security Appliance trust store: crypto ca trustpoint <trustpoint-cuma-selfsigned> enrollment terminal crypto ca authenticate <trustpoint-cuma-selfsigned> Select All and copy the contents of the certificate from WordPad. Include the following lines. Make sure there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Paste into the Cisco Adaptive Security Appliance command-line interface window.
Related Topics
Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4
What To Do Next
Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14
2-13
Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance
We recommend that you configure Cisco Unified Mobility Advantage to require a certificate from the Cisco Adaptive Security Appliance. Use this procedure to provide the required self-signed certificate.
Procedure
Step 1
Enter configuration mode: conf t Generate a key pair: crypto key generate rsa label <keypair-asa-cuma-selfsigned> You will see a Please wait... message; look carefully for the prompt to reappear.
Step 2
Step 3
Create the certificate: crypto ca trustpoint <trustpoint-asa-cuma-selfsigned> enrollment self keypair <keypair-asa-cuma-selfsigned> crypto ca enroll <trustpoint-asa-cuma-selfsigned> incl device serial number in the subject name - n Gen self signed - y Export the certificate: crypto ca export <trustpoint-asa-cuma-selfsigned> identity-certificate Copy and paste the text into WordPad. Include the following lines. Make sure there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Save the file as a text file.
Step 4
Step 5
Step 6
Troubleshooting Tip
If you need to retrieve the certificate text later, use this command: crypto ca export <trustpoint-name> identity-certificate
Related Topics
What To Do Next
After you install or upgrade Cisco Unified Mobility Advantage, import the certificate into the Security Context that is specified on the System Management > Network Properties page in the Admin Portal in Cisco Unified Mobility Advantage. If you used, or will use, the Configuration Wizard, this is the cuma Security Context. See Importing Self-Signed Certificates from Trusted Servers, page 9-10.
2-14
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Setting up the TLS Proxy
Setting up the TLS Proxy

Use the Cisco Adaptive Security Appliance command-line interface to set up the TLS proxy. This procedure creates a TLS proxy instance for Cisco Unified Mobile Communicator client connections and for Cisco Adaptive Security Appliance communications with Cisco Unified Mobility Advantage.
Before You Begin

Import the signed certificate to present to clients. See How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8. Generate a self-signed certificate from Cisco Adaptive Security Appliance and import it into Cisco Unified Mobility Advantage. See Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14.
Procedure
Step 1
Run these commands to set up the TLS Proxy on the Cisco Adaptive Security Appliance: tls-proxy <tls-proxy-name> server trust-point <trustpoint-cuma-signed> This is the trustpoint that holds the signed certificate that Cisco Adaptive Security Appliance will present to the mobile clients, which you imported above. client trust-point <trustpoint-asa-cuma-selfsigned> This is the trustpoint that holds the self-signed certificate that Cisco Adaptive Security Appliance will present to Cisco Unified Mobility Advantage, which you generated above and imported into Cisco Unified Mobility Advantage. no server authenticate-client In this release, the Cisco Adaptive Security Appliance must automatically trust the mobile client. Cisco Adaptive Security Appliance will not authenticate client connections. client cipher-suite aes128-sha1 aes256-sha1
Related Topics
Defining MMP Inspection

This procedure validates the Mobile Multiplexing Protocol (MMP), a proprietary protocol.
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Run these commands to define MMP inspection: access-list mmp_inspect extended permit tcp any any eq <Proxy Client Connection Port>
2-15
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Testing Your Cisco Adaptive Security Appliance Configuration
class-map cuma_proxy match access-list mmp_inspect exit policy-map global_policy class cuma_proxy inspect mmp tls-proxy <tls-proxy-name> exit exit service-policy global_policy global
Testing Your Cisco Adaptive Security Appliance Configuration

Perform the following basic tests to be sure your configuration can successfully route communications internally and externally.
Procedure
Step 1 Step 2
Ping the private IP address of the Cisco Unified Mobility Advantage server from the Cisco Adaptive Security Appliance. Ping an IP address on the internet.
What To Do Next
If either test is unsuccessful, see Fixing Unsuccessful Pings, page 2-18.
Troubleshooting the Cisco Adaptive Security Appliance

Useful Commands, page 2-16 Fixing Unsuccessful Pings, page 2-18 SSL Handshake Failures, page 2-18 Debugging TLS-Proxy and MMP Configurations, page 2-18
Useful Commands
The following are useful commands for troubleshooting your Cisco Adaptive Security Appliance configuration. You may need to be in a particular mode, such as privileged EXEC, in order to use some of these commands. For complete information on any command, see the Cisco Security Appliance Command Reference.
2-16
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Troubleshooting the Cisco Adaptive Security Appliance
To Enable logs for troubleshooting
Use These Commands

logging timestamp logging list loglist message 711001 logging list loglist message 725001-725014 logging list loglist message 717001-717038 logging buffer-size 1000000 logging buffered loglist logging debug-trace
Show the current logging configuration Clear logs Show the current configuration settings Show existing keypairs to see if a keypair has been generated. Display certificate information to verify that it was entered and imported correctly. Check configuration of all certificates on the Cisco Adaptive Security Appliance Check configuration of the certificate from Cisco Unified Mobility Advantage that you imported into the Cisco Adaptive Security Appliance Clear a command or remove a configured item, such as a trustpoint, to reconfigure it Clear a configuration under a specific command so that you can reconfigure it
show logging clear logging buffer show running-config sh crypto key mypubkey rsa sh crypto ca certificate <certificate_name> sh crypto ca certificates sh crypto ca trustpoints
no <command to clear> clear configure <command> Example: To delete the tls proxy: clear configure tls-proxy
Use the following commands to see what happens on the Cisco Adaptive Security Appliance when you try to connect using the client: Show the information about the current tls-proxy sh tls-proxy session detail session Show debug messages for TLS proxy inspection Show a list of active MMP sessions Display inspect MMP events
Related Topics

debug inspect tls-proxy show mmp debug mmp
No Connectivity On Initial Tests, page 19-3 Some Clients Cannot Connect on Initial Tests, page 19-3
2-17
Chapter 2 Troubleshooting the Cisco Adaptive Security Appliance
Fixing Unsuccessful Pings

Procedure
If You cannot ping the private IP address of the Cisco Unified Mobility Advantage server from the Cisco Adaptive Security Appliance
Do This
a.
Use the following command to check if the first hop is your default router: traceroute <private IP address of the Cisco Unified Mobility Advantage server> source inside Check the routing commands for the inside interface Make sure that you have configured the access-list to allow traffic to go through the inside interface
b. c.
Ping an IP address on the internet from the Cisco Adaptive Security Appliance.
Check the routing commands for the outside interface.
SSL Handshake Failures

Note the following:
SSL handshake errors can result from problems with the connection between the client and the Cisco Adaptive Security Appliance or between the Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage. Check both sets of configurations. This error is benign: %ASA-7-725014: SSL lib error. Function: SSL3_READ_BYTES Reason: ssl handshake failure, If a SSL Handshake error message causes the tls-proxy session to close, then check certificate configuration: sh crypto ca certificates sh crypto ca trustpoints
If any of the trustpoints shows as Not configured, revisit the certificate portion of the configuration.
Debugging TLS-Proxy and MMP Configurations

Try this procedure if connections are unsuccessful.
Procedure
Step 1
Use the following commands to enable debugging: debug inspect tls-proxy all debug mmp
Step 2
Use the following commands to check if MMP inspection is happening:
2-18
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Troubleshooting the Cisco Adaptive Security Appliance
show mmp show tls-proxy

Step 3
Check if the inspection port is correct, if you see MMP messages on the logs but no tls-proxy messages.
2-19
Chapter 2 Troubleshooting the Cisco Adaptive Security Appliance
2-20
CH A P T E R
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Revised Date: June 30, 2009
Configure Cisco Unified Communications Manager to provide features to Cisco Unified Mobility Advantage.
Note
Specific instructions for these procedures may vary depending on your release of Cisco Unified Communications Manager. See the documentation for your release for the instructions for your release.

How to Configure Call Log Monitoring How to Configure Dial Via Office Configuring Prerequisites for Transfer of Active Calls Between Phones, page 3-13 How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13 Backup Cisco Unified Communications Manager Server Configuration, page 3-18 Changes to Cisco Unified Communications Manager Configurations, page 3-18 How to Configure Cisco Unified Communications Manager for Each User and Device, page 3-19
How to Configure Call Log Monitoring

In addition to the basic configurations required to run Cisco Unified Mobility Advantage (such as configuring the Cisco Adaptive Security Appliance, configuring users in Cisco Unified Mobility Advantage, and installing the client on the mobile phone), perform the following steps that are specific to this feature.

Configuring Call Log Monitoring, page 3-2 Creating CTI-Enabled Super User Accounts, page 3-3 Ensuring That the CTI Service Is Running, page 3-5 Configuring Standard AXL API Access to Retrieve User Information, page 3-5
3-1
Chapter 3 How to Configure Call Log Monitoring
Application Dialing Rules, page 3-6 Recommended Directory Lookup Settings, page 3-7 Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8
Configuring Call Log Monitoring

Procedure
To
Step 1
See Stopping Cisco Unified Mobility Advantage, page 11-1

If you are making changes to a running system, stop Cisco Unified Mobility Advantage. Note that this will impact users. Configure system-level requirements in Cisco Unified Communications Manager.
Step 2
Creating CTI-Enabled Super User Accounts, page 3-3 Ensuring That the CTI Service Is Running, page 3-5 Configuring Standard AXL API Access to Retrieve User Information, page 3-5 Application Dialing Rules, page 3-6
If you are using Cisco Unified Communications Manager Release 5.x or later:

Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8 Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8 Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19 Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20
Step 3
Make sure users and their devices are configured properly in Cisco Unified Communications Manager.
3-2
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Call Log Monitoring
To
Step 4
See If this is a new installation, you will perform these procedures when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are changing your release of Cisco Unified Communications Manager for a running system:

After you install Cisco Unified Mobility Advantage, configure Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager.
Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Server Settings, page A-7 Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8 Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5
Step 5
If you are using Cisco Unified Communications Manager Release 4.x, configure directory lookup rules in Cisco Unified Mobility Advantage.
Step 6
Enable call log monitoring in Cisco Unified Mobility Advantage.
If this is a new installation, you will perform this procedure when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are adding or changing this feature on a running system:
Enabling Call Log Monitoring and Configuring Options, page 12-2
Step 7
Start Cisco Unified Mobility Advantage if you are reconfiguring a running system.
Related Topics
Starting Cisco Unified Mobility Advantage, page 11-1
How to Solve Call Log Problems, page 19-8
Creating CTI-Enabled Super User Accounts

Cisco Unified Mobile Communicator lets users view call logs that include calls to their desk phones, in addition to calls on their mobile phones. You must create up to four super user accounts to support this feature. These will be End User accounts, but they are distinct from the accounts for each human user. Because Cisco Unified Communications Manager limits End User accounts to support for 250 devices, you may need to create up to four separate accounts to accommodate the maximum 1000 Cisco Unified Mobility Advantage users. You will associate these accounts with the primary directory number (usually the desk phone) for each user of Cisco Unified Mobile Communicator.
Procedure
Step 1
Sign in to the Cisco Unified Communications Manager Admin interface.
3-3
Select User Management > End User. Select Add New. Add the primary phone (usually the desk phone, but not the mobile phone) for each Cisco Unified Mobile Communicator user to the Controlled Devices list in the Device Information section.
Tip
You can add one device now for testing purposes, then add the remainder of the devices later, when you are configuring Cisco Unified Communications Manager for each user and device.
Step 5
Assign the End User to the proper groups and roles: In Cisco Unified Communications Manager Release 4.x 5.1 6.0
Do This Select Enable CTI Application Use on the User Configuration window.

Assign the user to the Standard CTI Enabled group. Make sure user is assigned to the Standard CCM End Users group. From the End User Configuration window, select Allow Control of Device from CTI for this user. (This is the default.) Add the following Groups into the Permissions Information section:
Standard CTI Enabled Standard CCM End Users.
7.0
1.
2. 3.
Select Save. Verify that the following Roles appear:

Standard CTI Enabled, Standard CCMUSER Administration Standard CCM End Users.
4. Step 6 Step 7 Step 8
Select Allow Control of Device from CTI.
Configure the remaining fields as needed for your deployment. They are not specifically used by Cisco Unified Mobility Advantage. Select Save. Note the user IDs and passwords for these accounts. You will need this information when:

you configure Cisco Unified Mobility Advantage. you add support for additional users.
Related Topics
Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19
3-4
Chapter 3
Ensuring That the CTI Service Is Running

Make sure that the CTIManager service is activated and running, or call logs will not be updated. These instructions apply to Cisco Unified Communications Manager Release 5.x and later. For Release 4.x, see your Cisco Unified Communications Manager documentation.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9
Open the Cisco Unified Communications Manager Admin interface but do not sign in. Select Cisco Unified Serviceability from the list box in the upper right corner of the page. Select Go. Sign in with your platform credentials. Select Tools > Service Activation. Select the publisher server. Select Cisco CTIManager. Select Save. Restart Cisco Unified Mobility Advantage if it is running.
Configuring Standard AXL API Access to Retrieve User Information

You must create an application user account with AXL API access in order to allow Cisco Unified Mobility Advantage to retrieve user information such as the primary line from Cisco Unified Communications Manager. This topic applies to Cisco Unified Communications Manager releases 5.x through 7.0 only. (For Cisco Unified CallManager release 4.x, Cisco Unified Mobility Advantage determines which line to monitor for call log monitoring by using the attribute you specify for Work Phone in the Advanced Settings tab of the Enterprise Adapter page for Active Directory. By default, this is the telephoneNumber attribute. This attribute must contain a unique value for each user.)
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9
Sign in to the Cisco Unified Communications Manager Admin interface. Select User Management > Application User. Select Add New. Enter information for this application user. Add the Standard CCM Super Users Group into the Permissions Information section. Select Save. Verify that the Standard AXL API Access role appears. Configure the remaining fields as needed for your deployment. They are not specifically used by Cisco Unified Mobility Advantage. Select any item in the Permissions Information > Roles list, then select View Details.
3-5
Step 10 Step 11 Step 12 Step 13 Step 14 Step 15
Scroll to the bottom of the detailed Roles view, then select Add New. Select Cisco Call Manager AXL Database from the list and select Next. Enter a name and description for this new role. Select Allow to use API. Select Save. Note the user ID and password for this account.
What To Do Next
After you install Cisco Unified Mobility Advantage or upgrade from Release 3.x, enter this Application User ID and its associated password into the Server Settings page of the Enterprise Adapter configuration for Cisco Unified Communications Manager. For Release 7.0(2), enter the information into the Web Services Information section; for Release 7.0(1), enter the information into the "SOAP Information" section. See About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6.
Application Dialing Rules

Because people dial numbers from mobile phones differently than the way they dial numbers from desk phones, you must configure Cisco Unified Communications to accommodate the different dialing rules. For example, in the United States, there are several dialing prefixes that employees generally must use when dialing from desk phones, which users of mobile phones normally do not use:

Calls from desk phones to numbers outside the company in the same telephone area code must begin with 9. Calls from desk phones to numbers outside the company in a different telephone area code must begin with 91. Calls from desk phones to numbers outside the company and outside the country must begin with 9011, while international calls from mobile phones often begin with a +.
To allow users to dial from mobile devices without using these additional digits, define appropriate Application Dial Rules for your country or location. These dialing rules also apply to the mobile device phone numbers you specify when provisioning users.
Note
These dialing rules do not apply to alternate callback numbers that the user specifies in Cisco Unified Mobile Communicator. Users must enter alternate callback numbers in the format they would use if they were dialing from their desk phones. For information about configuring application dialing rules, see the online help in Cisco Unified Communications Manager. Work with your Cisco Unified Communications Manager administrator to configure these rules.
Note
Restart Cisco Unified Mobility Advantage if you make changes to a running system.
3-6
Chapter 3
Recommended Directory Lookup Settings

Call logs in Cisco Unified Mobile Communicator can display the name as well as the phone number of callers and called parties who are in the corporate directory. Cisco Unified Mobility Advantage finds these names by searching for the phone number in the directory. However, callers can successfully dial numbers that do not exactly match the pattern of the numbers in the directory, so you should create Directory Lookup rules to accommodate dialed numbers with formats that do not match the format in the directory. For example, if the user dials 95551111 (9-555-1111) to reach a person whose number appears in the directory as 5551111, you must create a rule that strips the 9 from the beginning of the number before searching, so that it matches the entry in the directory. Use Directory Lookup rules to transform the following numbers into the number as it appears in the directory:

Numbers dialed from the primary desk phone of the user (For Cisco Unified Communications Manager 7.0 only) Numbers dialed from the mobile phone using the Dial-via-Office feature Numbers of corporate callers who call the primary office number of the user.
Include rules to accommodate all numbers that can successfully be connected, including numbers as users may dial them when roaming outside their home area code or country. For example, account for the following within the United States:

the extension only numbers within the home area code dialing from other area codes dialing from other country codes dialing prefixes such as:
011 and + (International direct dialing prefix - for dialing international numbers from the United
States)
1 (National direct dialing prefix - for dialing numbers in another area code in the United States) 8 or 9 (Dial out prefix - required for dialing numbers outside of many companies)
Create your rules so that only one rule can apply to each phone number, or order the rules so that the intended number matches before any other possible match. For example, list 54321 before 543 to ensure that 54321 does not match 543 instead of 54321. Configure separate rules for incoming and outgoing calls.
Tip
To help determine which Directory Lookup rules you will need, look at your Application Dial Rules in Cisco Unified Communications Manager. Examples of rules for outgoing calls:
3-7
Setting Number Begins With Number of Digits Total Digits To Be Removed Prefix With Pattern Result = Number in the directory
Number Dialed Number Dialed Number Dialed Is: Is: Is: 1111 5551111 95551111 4 555 5551111 5551111 No rule is needed. 9555 8 1 5551111
Number Dialed Number Dialed Is: Is: 4085551111 914085551111 408555 10 3 5551111 91408555 12 5 5551111
Number Dialed Is: +14085551111 001408555 12 5 5551111
Cisco Unified Mobility Advantage tests each phone number against each rule in the order in which it appears. When Cisco Unified Mobility Advantage finds an applicable rule, it applies the rule to the phone number, searches the directory for the resulting number, retrieves any matching name, and includes the name in the call log in Cisco Unified Mobile Communicator. If no match is found, Cisco Unified Mobility Advantage looks to see if another rule applies. If no rules apply, Cisco Unified Mobility Advantage searches the directory for the unmodified number.
Related Topics
Directory Lookup Settings, page A-8
Configuring Directory Lookup Rules in Cisco Unified Communications Manager

Cisco Unified Mobility Advantage can identify callers and called parties by name in the user call logs, if you configure directory lookup rules to match the dialed number to the associated name in the directory. Because the numbers dialed to and from mobile phones may be in different formats from the numbers dialed from desk phones, the directory lookup rules for mobile calls may differ from existing directory lookup rules configured in Cisco Unified Communications Manager. You must add directory lookup rules to handle calls to and from mobile devices. Any time you change the directory lookup rules, restart Cisco Unified Mobility Advantage if it is running.
Restrictions
For Cisco Unified Communications Manager versions 5.x through 7.0, configure directory lookup rules in Cisco Unified Communications Manager using the procedure in this topic. For Cisco Unified CallManager release 4.x, configure the Directory Lookup Settings in Cisco Unified Mobility Advantage. See Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5.
Before You Begin
Determine the directory lookup settings you need to add. See the following:
3-8
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Dial Via Office
Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8
For more information about configuring directory lookup rules in Cisco Unified Communications Manager, see the online help in Cisco Unified Communications Manager.
Procedure
Step 1 Step 2 Step 3 Step 4
Sign in to the Cisco Unified Communications Manager Admin interface. Choose Call Routing > Dial Rules > Directory Lookup Dial Rules. Select Add New. Enter specifics for the rule.

For rules to be applied to incoming calls to the mobile device, the Rule Name MUST begin with indir. For example, indir_international. For rules to be applied to outgoing calls from the mobile device, the Rule Name MUST begin with outdir. For example, outdir_internal.
Select Save. Repeat to create each rule. Select any rule name in the list Use the arrows to position each rule in order to ensure correct matching. Select Save. Restart Cisco Unified Mobility Advantage if it is running.
How to Configure Dial Via Office

Cisco Unified Communications Manager Release 7.0(1) Service Update 1 or higher is required for dial via office. Dial via Office allows users to make calls from their mobile phone as if they were dialing from their desk phone.

Configuring Dial Via Office, page 3-9 Configuring the Enterprise Feature Access Directory Number, page 3-11 Important Information About DTMF Access Codes, page 3-12 Device Pool Requirements, page 3-12
Configuring Dial Via Office

In addition to the basic configurations required to run Cisco Unified Mobility Advantage (such as configuring the Cisco Adaptive Security Appliance, configuring users in Cisco Unified Mobility Advantage, and installing the client on the mobile phone), perform the following steps that are specific to this feature.
3-9
Chapter 3 How to Configure Dial Via Office
Tip
Configuring this functionality is complex. Perform these procedures carefully to ensure that you do not omit or misconfigure anything.
Procedure
To
Step 1
See
If you are making changes to a running system, Stopping Cisco Unified Mobility Advantage, stop Cisco Unified Mobility Advantage. page 11-1 Note that this will impact users. Configure system-level requirements in Cisco Unified Communications Manager. If you configured Cisco Unified Communications Manager for call log monitoring, you have addressed the first two already.

Step 2
Creating CTI-Enabled Super User Accounts, page 3-3 Configuring Standard AXL API Access to Retrieve User Information, page 3-5 Configuring the Enterprise Feature Access Directory Number, page 3-11 Important Information About DTMF Access Codes, page 3-12 Device Pool Requirements, page 3-12 Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19 Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21
Step 3
Configure each user and device in Cisco Unified Communications Manager. If you configured Cisco Unified Communications Manager for call log monitoring, you may have addressed the first three already.
Step 4
After you install Cisco Unified Mobility Advantage, configure Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager.
If this is a new installation, you will perform these procedures when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are changing your Cisco Unified Communications Manager release with a running system:

Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6
3-10
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Dial Via Office
To
Step 5
See If this is a new installation, you will perform these procedures when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are adding or changing this feature on a running system:
Enable the Dial via Office feature in Cisco Unified Mobility Advantage.
Enabling the Dial-Via-Office Feature and Options, page 12-3
Step 6
Start Cisco Unified Mobility Advantage if you are reconfiguring a running system.
Related Topics
How to Solve Problems With the Dial Via Office Feature, page 19-10
Configuring the Enterprise Feature Access Directory Number

If the Enterprise Feature Access Directory Number is already configured, you do not need to make further changes. The Cisco Unified Mobility Advantage uses the Enterprise Feature Access Directory Number for the caller ID when Cisco Unified Communications Manager calls back the user in Dial-via-Office calls. This number appears in the native call log on the mobile phone, but does not appear in the call logs within Cisco Unified Mobile Communicator. If you want Cisco Unified Mobile Communicator users to be able to use DTMF codes to access mid-call features such as hold, resume, park, and conference when they use the Dial via Office feature, configure Enterprise Feature Access using the instructions in the Cisco Unified Communications Manager documentation. Otherwise, use the procedure in this topic.
Procedure
Sign in to the Cisco Unified Communications Manager Admin interface. Select Call Routing > Mobility Configuration. Enter values for the following fields:
3-11
Chapter 3 How to Configure Dial Via Office
Option Handoff Number
Description This value is required in order to create an Enterprise Feature Access partition; if you do not otherwise require a Handoff Number, enter a dummy internal unused DN that is associated with a valid partition. This value is required in order to create an Enterprise Feature Access partition. This partition should be present in the Remote Destination inbound Calling Search Space, which points either to the inbound Calling Search Space of the Gateway or Trunk or to the Remote Destination Calling Search Space.
Handoff Number Partition
Enterprise Feature Access Directory Number Enterprise Feature Access Directory Number Partition
Enter the Direct Inward Dial (DID) number that is required for enterprise feature access. This number must be unique. This partition should be present in the Remote Destination inbound Calling Search Space, which points either to the inbound Calling Search Space of the Gateway or Trunk or to the Remote Destination Calling Search Space.
Important Information About DTMF Access Codes

This topic applies to Cisco Unified Communications Manager release 7.0. All DTMF access codes that you configure in Cisco Unified Communications Manager must be mutually exclusive. Make sure the default mobility DTMF access codes do not overlap with other mid-call DTMF access codes. For example, by default mobility features and Cisco Unity both use the asterisk (*) for midcall features, which prevents DTMF features in both applications from working properly. This issue is not specific to Cisco Unified Mobility Advantage, but will affect Cisco Unified Mobile Communicator users when they access voicemail or use mid-call features. To configure DTMF access codes, see the documentation for your release of Cisco Unified Communications Manager.
Related Topics
Configuring the Enterprise Feature Access Directory Number, page 3-11
Device Pool Requirements

When you configure mobile devices for each user in Cisco Unified Communications Manager, each Cisco Unified Mobile Communicator device must be associated with a device pool that includes the Cisco Unified Communications Manager server to which Cisco Unified Mobility Advantage will point. For simplicity, consider creating a dedicated device pool for this purpose.
3-12
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage Configuring Prerequisites for Transfer of Active Calls Between Phones
If you will specify a primary and a backup Cisco Unified Communications Manager server in Cisco Unified Mobility Advantage, list the servers in that order (first primary, then secondary) in the Cisco Unified Communications Manager group associated with this device pool. For information about Device Pools, see the Cisco Unified Communications Manager documentation.
Related Topics
Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21
Configuring Prerequisites for Transfer of Active Calls Between Phones

This feature is only available with Cisco Unified Communications Manager Releases 6.x and 7.0. To allow users to transfer calls in progress between their desk phones and their mobile phones, configure the mobility handoff functionality (also referred to as the Desktop Call Pickup feature) in Cisco Unified Communications Manager.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8
Sign in to the Cisco Unified Communications Manager Admin interface. Select Device > Device Settings > Softkey Template. Create a new template or modify an existing template. Select Configure Softkey Layout from the Related Links menu in the upper right corner of the window. Select Go. Select Connected for Select a call state to configure. Add Mobility to the selected Softkeys. Select Save.
Related Topics
Adding the Softkey Template to the Primary Desk Phone of Each User, page 3-21
How to Configure Server Security for Connections with Cisco Unified Communications Manager
Server security features are available only with Cisco Unified Communications Manager Release 7.0(1) Service Update 1 or later. Secure connections between internal servers are not required by default for Cisco Unified Mobility Advantage to operate. However, your Cisco Unified Communications Manager configuration and your corporate security policies may require a secure connection between Cisco Unified Mobility Advantage and Cisco Unified Communications Manager.
3-13
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Configuring Secure Connections with Cisco Unified Communications Manager, page 3-14 Cisco Unified Mobility Advantage Server Security Profile, page 3-15 Obtaining a Certificate from Cisco Unified Communications Manager, page 3-16 Importing Certificates into Cisco Unified Operating System Servers, page 3-16
Configuring Secure Connections with Cisco Unified Communications Manager

This procedure set describes how to deploy self-signed certificates for secure connections between Cisco Unified Mobility Advantage and Cisco Unified Communications Manager. You must perform some of these steps after you install Cisco Unified Mobility Advantage.
Before You Begin

If you want to familiarize yourself with server security concepts for Cisco Unified Mobility Advantage, see Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Determine whether this procedure fits into your Cisco Unified Communications Manager security plan. Security configuration in Cisco Unified Communications Manager is quite complex. See the Cisco Unified Communications Manager Security Guide for complete information. We recommend that you verify that the Dial via Office, MobileConnect, and call log monitoring features function properly before you configure server security.
Procedure
Do This
Step 1
For Instructions, See
If you are making changes to a running system, stop Stopping Cisco Unified Mobility Advantage, Cisco Unified Mobility Advantage. page 11-1 Note that this will impact users. In Cisco Unified Mobility Advantage, create a Creating Security Contexts, page 9-7 Security Context that specifies Trusted Certificates for the Trust Policy. You can use this Security Context for all enterprise servers that have the same security requirements. If you will follow the instructions for the Configuration Wizard you can use the cuma Security Context.
Step 2
Step 3 Step 4
Stop Cisco Unified Mobility Advantage if it is running. In the Enterprise Adapter for Cisco Unified Communications Manager, select TLS as the Transport Type, then specify the Security Context that you created in an earlier step in this table.
Stopping Cisco Unified Mobility Advantage, page 11-1

Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6
Step 5
In Cisco Unified Communications Manager, require Cisco Unified Mobility Advantage Server Security Profile, page 3-15 secure communications.
3-14
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Do This
Step 6 Step 7 Step 8 Step 9 Step 10
For Instructions, See Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11 Importing Certificates into Cisco Unified Operating System Servers, page 3-16 Obtaining a Certificate from Cisco Unified Communications Manager, page 3-16 Importing Self-Signed Certificates from Trusted Servers, page 9-10
Download a self-signed certificate from Cisco Unified Mobility Advantage. Import this certificate to the trust store of Cisco Unified Communications Manager. Generate a certificate from Cisco Unified Communications Manager. Import this certificate to the trust store of Cisco Unified Mobility Advantage. If you configure a backup Cisco Unified Communications Manager server, repeat this procedure for the backup server. Start Cisco Unified Mobility Advantage if you are reconfiguring a running system.
Step 11
Cisco Unified Mobility Advantage Server Security Profile

This section applies only to Cisco Unified Communications Manager Release 7.0. To create a security profile for the Cisco Unified Mobility Advantage server in Cisco Unified Communications Manager, see the Configuring a Cisco Unified Mobility Advantage Security Profile chapter in the Cisco Unified Communications Manager Security Guide at http://cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html?q= . Essentially, you will set the Transport Type to TLS, by specifying Authenticated or Encrypted as the Device Security Mode on the CUMA Server Security Profile page. Keep the following points in mind:

You can associate only one Cisco Unified Mobility Advantage server with each Cisco Unified Communications Manager cluster. If you allow a TCP (non-secure) connection, you are not limited to a single Cisco Unified Mobility Advantage per Cisco Unified Communications Manager server. When you configure a Security Context in Cisco Unified Mobility Advantage for the Cisco Unified Communications Manager enterprise adapter, the connection type must be the same as the connection type you specify in Cisco Unified Communications Manager. If you require authenticated or encrypted connections, you must provide the required certificate to Cisco Unified Communications Manager. The X.509 value you need to supply is generally the hostname of the Cisco Unified Mobility Advantage server.
Related Topics

Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13
3-15
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Obtaining a Certificate from Cisco Unified Communications Manager

This topic applies only if you are using Cisco Unified Communications Manager Release 7.0 and is not required unless you configure Cisco Unified Mobility Advantage to require a self-signed certificate for identity verification when connecting to Cisco Unified Communications Manager.
Before You Begin

Create a Security Context in Cisco Unified Mobility Advantage and set the Trust Policy to Trusted Certificates. See Creating Security Contexts, page 9-7. Assign that Security Context to the Enterprise Adapter for Cisco Unified Communications Manager. See Viewing and Changing Enterprise Adapter Settings, page 10-4.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12
Open the Cisco Unified Communications Manager Admin interface but do not sign in. Select Cisco Unified OS Administration from the list box in the upper right corner of the page. Sign in using the platform administration credentials for the Cisco Unified Communications Manager server. Select Security > Certificate Management. Select Find to display all certificates. Select CallManager.pem. Select Download. Save the .cer file to your desktop. Return to the list of certificates. Select tomcat.pem. Select Download. Save the .cer file to your desktop.
What To Do Next

Continue with remaining procedures in How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13. Continue with other procedures in this chapter for deploying Cisco Unified Communications Manager with Cisco Unified Mobility Advantage.
Importing Certificates into Cisco Unified Operating System Servers

If your IT security policies require Cisco Unified Communications Manager, Cisco Unified Presence, or Cisco Unity Connection servers to require a self-signed certificate from Cisco Unified Mobility Advantage, use this procedure to import that certificate. For more information about uploading the required certificates to the trust store of the Cisco Unified Communications Manager or other server, see the Security chapter of the Cisco Unified Communications Operating System Administration Guide for that server.
3-16
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Before You Begin
Determine whether the server requires a certificate from Cisco Unified Mobility Advantage. For Cisco Unified Communications Manager, see Cisco Unified Mobility Advantage Server Security Profile. For other servers, see the documentation for those servers. By default, a certificate is not required. Obtain a certificate from Cisco Unified Mobility Advantage. See Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7
Open the Admin interface of the server in a browser window. Select Cisco Unified OS Administration in the top right corner of the window. Select Go. Sign in. Select Security > Certificate Management Select Upload Certificate. Enter information: Item Certificate Name Description For the Cisco Unified Communications Manager server: Select CallManager-trust from the list. For the Cisco Unified Presence server: Select sipproxy-trust from the list. For Cisco Unity Connection: Select tomcat-trust from the list. Root Certificate Description Enter a name for the Cisco Unified Mobility Advantage certificate. Enter a description.
Step 8
Select Browse and select the certificate file from Cisco Unified Mobility Advantage. For example, if you generated a self-signed certificate, locate the .cer file you saved. Select Upload File. Restart the service:
a. b. c. d. e.
Step 9 Step 10
Select Cisco Unified Serviceability from the list box in the top right corner of the window. Select Go. Sign in using your platform administrator credentials. Select Tools > Service Activation. For Cisco Unified Communications Manager: Restart the CiscoCallManager service. For Cisco Unified Presence: Restart the Presence Engine Service and the Proxy Service.
f.
3-17
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage Backup Cisco Unified Communications Manager Server Configuration
g.
For Cisco Unity Connection: Restart the Connection IMAP Server and Connection SMTP Server services.
Step 11
Restart Cisco Unified Mobility Advantage if it is running.
What To Do Next
Complete certificate deployment requirements for your server:

For Cisco Unified Communications Manager, see How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13. For Cisco Unified Presence, see How To Configure Server Security for Cisco Unified Presence, page 4-3. For Cisco Unity Connection, see Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5.
Backup Cisco Unified Communications Manager Server Configuration

If you will specify a backup Cisco Unified Communications Manager server, make sure it is configured identically to the primary Cisco Unified Communications Manager server.
Changes to Cisco Unified Communications Manager Configurations

If you change the user ID or password of any of the CTI-enabled super user accounts, or of the Application User account to which you assigned AXL API access, update the Enterprise Adapter for Cisco Unified Communications Manager in the Admin Portal of Cisco Unified Mobility Advantage,. Before you make any changes in this adapter, stop Cisco Unified Mobility Advantage, then start Cisco Unified Mobility Advantage again after you submit your changes. Stopping Cisco Unified Mobility Advantage will log all users out of Cisco Unified Mobile Communicator.
Related Topics

Creating CTI-Enabled Super User Accounts, page 3-3 Configuring Standard AXL API Access to Retrieve User Information, page 3-5 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Stopping Cisco Unified Mobility Advantage, page 11-1 Starting Cisco Unified Mobility Advantage, page 11-1
3-18
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
How to Configure Cisco Unified Communications Manager for Each User and Device
Provision each user in Cisco Unified Communications Manager.

Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19 Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20 Adding the Softkey Template to the Primary Desk Phone of Each User, page 3-21 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21 Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24
Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features)

Each user must already have a functioning account with a primary desk phone number configured in Cisco Unified Communications Manager. These instructions assume the Primary Extension is the desk phone directory number. Make sure the Owner User ID is configured for the desk phone. You have configured all applicable system-level requirements in Cisco Unified Communications Manager documented earlier in this chapter. If you are using Cisco Unified Communications Manager Release 7.x and users of the Release 3.x client for Nokia Symbian phones will use the same mobile phone number after they migrate to Release 7.x of the client, you must delete their existing Remote Destination profile before you configure the user and device in Cisco Unified Communications Manager following instructions in this section.
Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User
This topic applies to all deployments. Add the primary phone (usually the desk phone, but not the mobile phone) of each Cisco Unified Mobile Communicator user to the Device Information section of one of the CTI-enabled super users that you created above.
Before You Begin
You will need the usernames of the super user accounts you created in Creating CTI-Enabled Super User Accounts, page 3-3.
3-19
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
Procedure
Sign in to the Cisco Unified Communications Manager Admin interface. Select User Management > End User. Select Find. Select the appropriate End User in the list. Scroll to the Device Information section. Double-click the desk phone device (not the mobile phone) in the Available Devices list. The phone will move to the Controlled Devices list. Repeat for each device to add. Select Save. Restart Cisco Unified Mobility Advantage if it is running.
Troubleshooting Tip
If you do not see the phone in the Available Devices list, select Find More Phones. See the online help for Cisco Unified Communications Manager for more information.
Configuring User Accounts in Cisco Unified Communications Manager

This topic applies to all deployments. (For Cisco Unified Communications Manager Release 6.x and later) Enabling mobility features enables MobileConnect (which rings the mobile phone when callers call the desk phone number), and in-call features such as the ability to transfer and hold calls. [For Cisco Unified Communications Manager Release 7.0(1) Service Update 1] Enabling mobility also enables Dial via Office. Enabling mobility may consume device license units (DLUs). For details, search the online help in Cisco Unified Communications Manager for Enable Mobility.
Procedure
Sign in to the Cisco Unified Communications Manager Admin interface. Select User Management > End User. Find the user to configure. Select Allow Control of Device from CTI. Set the Primary Extension in the Directory Number Association to the directory number of the primary line, usually the desk phone. (For Cisco Unified Communications Manager Releases 6.x and 7.0) Select Enable Mobility. Assign the user to the proper groups and roles: Add the following into the Permissions Information section:
Groups:
3-20
Chapter 3
Standard CTI Enabled Standard CCM End Users.
Roles:
Standard CTI Enabled, Standard CCMUSER Administration Standard CCM End Users.
Step 8
Select Save.
Adding the Softkey Template to the Primary Desk Phone of Each User
This feature is only available with Cisco Unified Communications Manager Releases 6.x and 7.0. This procedure allows users to transfer active calls between their desk phones and their mobile phones.
Before You Begin

Complete the procedure in Configuring Prerequisites for Transfer of Active Calls Between Phones, page 3-13. If you have configured a common device configuration that is assigned to the desk phones of all of your mobile users, modify that common device configuration instead of each individual phone as described in this procedure.
Procedure
Sign in to the Cisco Unified Communications Manager Admin interface. Navigate to the page associated with the primary desk phone of a Cisco Unified Mobile Communicator user. Look for the Softkey Template field. Select the softkey template you created for transferring active calls between phones. Select Save. Repeat this procedure for each Cisco Unified Mobile Communicator user.
Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager
This procedure applies to Cisco Unified Communications Manager Release 7.0(1) Service Update 1 only. For Cisco Unified Communications Manager Release 6.x, follow the instructions in the Cisco Unified Communications Manager documentation for configuring Remote Destinations and enabling the MobileConnect feature.
3-21
Before You Begin

You have addressed all requirements and completed all configurations previously described in this chapter. The MobileConnect feature (formerly known as Single Number Reach) must be working independently of Cisco Unified Mobility Advantage. If the phone number that you will use for the Cisco Unified Mobile Communicator device is already configured in Cisco Unified Communications Manager as a Remote Destination, delete the Remote Destination for that number before you perform this procedure. Familiarize yourself with the Device Pool Requirements, page 3-12.
Procedure
Step 1 Step 2
Sign in to the Cisco Unified Communications Manager Admin interface. Add the mobile phone:
a. b. c. d. e.
Select Device > Phone. Select Add New. Select Cisco Unified Mobile Communicator as the Phone Type. Select Next. Enter values: Description Descriptive name (up to 15 characters) If you created a dedicated Device Pool when you reviewed the device pool requirements, choose that Device Pool. If you did not create a dedicated Device Pool, specify a Device Pool that includes in the Cisco Unified Communications Manager Group the Cisco Unified Communications Manager server that you will specify later in Cisco Unified Mobility Advantage (in the Enterprise Adapter for Cisco Unified Communications Manager).
Option Device Name Device Pool
Phone Button Template Select Standard Cisco Unified Mobile Communicator. Calling Search Space This Calling Search Space must include the set of destination numbers that you want to allow users to use with the Dial-via-Office feature. This is typically the same Calling Search Space associated with the Desk Phone, assuming you want the same calling privileges to apply to both devices. The User ID of the user. The User ID of the user.
Owner User ID Mobility User ID
3-22
Chapter 3
Option
Description
Reroute Calling Search Ensure that the Rerouting Calling Search Space in the Cisco Unified Mobile Communicator device configuration includes both of the following: Space
The partition of the desk phone extension of the user (This requirement is used by the system to provide the Dial via Office feature, not for routing calls.)
A route to the mobile identity number and any Remote Destinations.
The route to the mobile identity (i.e., the Gateway/Trunk partition) must have a higher preference than the partitions of the enterprise extension of the Cisco Unified Mobile Communicator device. Note that Cisco Unified Mobile Communicator allows users to specify an alternate callback number besides the mobile identity, and the Rerouting Calling Search Space controls which alternate callback numbers are reachable. All others Accept the defaults, or follow your company conventions or instructions in the online help.
f. Step 3
Select Save. Select Line [1] - Add a New DN. Enter the Directory Number of the primary desk phone. Enter the Route Partition, if applicable. Press Tab. The remaining fields on the page will automatically populate. Select Save. Scroll to the Associated Devices list. Select the Cisco Unified Mobile Communicator device. Select Edit Device. Scroll down and select Add New Mobile Identity. Enter values:
Associate the mobile phone with the primary desk phone number of the user.
a. b. c. d.
e. Step 4
Return to the Cisco Unified Mobile Communicator device page:

a. b. c.
Step 5
Identify the mobile phone:

a. b.
3-23
Option Destination Number
Description The mobile phone number, without any digits prefixed (for example, no dial-out prefix). This value must exactly match the phone number you enter for this user in the Cisco Unified Mobility Advantage Admin portal. This number must be unique among Cisco Unified Mobile Communicator devices and Remote Destinations. This is the default number that the Dial-via-Office feature will call.
Enable Mobile Connect All others
Select this box. Depend on settings in your company. Accept the defaults, or follow your company conventions or instructions in the online help.
c.
Select Save.
Note
Add any additional remote destinations by using the Remote Destination Profile of the user (Device Settings > Remote Destination Profile), not on this page.
Step 6
Configure Caller ID:

a.
For the device that represents the primary line of the user (usually the desk phone), verify Caller ID information (Name or phone number) for the following fields, as desired:

Display (Internal Caller ID) ASCII Display (Internal Caller ID) External Phone Number Mask
b. c. Step 7
Select the boxes for the Caller ID values to enable for shared device (these include Cisco Unified Mobile Communicator). Select Propagate Selected.
Configure any other information that is required or desired for all devices at your organization.
What To Do Next
See Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19.
Configuring a Presence Account for Each User in Cisco Unified Communications Manager
If you will integrate the presence feature in Cisco Unified Mobile Communicator, configure a Cisco Unified Presence account for each user in Cisco Unified Communications Manager.
3-24
Chapter 3
Procedure
Sign in to the Cisco Unified Communications Manager Admin interface. Select Device > Phone. Select Add New. Select Cisco Unified Personal Communicator as Phone Type. Select Next. Enter the device information. Option Device Name Owner User ID Description UPC+uppercase <USERID> Select the User ID of the user.
Step 7 Step 8
Select Save. Associate the mobile phone with the primary desk phone number of the user.
a. b. c. d.
Select Line [1] - Add a New DN. Enter the Directory Number of the primary desk phone. Enter the Route Partition, if applicable. Press Tab. The remaining fields on the page will automatically populate. Select Save. Select System > Licensing > Capabilities Assignment. Find the user. Select Enable CUP. Select Enable CUPC. Select Save.
e. Step 9
Assign Capabilities to the End User.

a. b. c. d. e.
3-25
3-26
CH A P T E R
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage
If you will integrate Cisco Unified Presence with Cisco Unified Mobility Advantage to allow users to exchange availability status, perform the procedures in this chapter. For limitations related to presence integration, see the Release Notes for Cisco Unified Mobility Advantage Release 7.0(1) and 7.0(2) at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.

Presence and Cisco Unified Mobile Communicator, page 4-1 Configuring Essential Settings for Presence Integration, page 4-1 How To Configure Server Security for Cisco Unified Presence, page 4-3 Configuring Additional Settings for Presence Integration, page 4-5
Presence and Cisco Unified Mobile Communicator

The Cisco Unified Presence server manages availability status for Cisco Unified Mobile Communicator and other clients that support presence. Users can set their status on any supported client and it will display on all supported clients. Exchange of presence with federated contacts is not supported. Contacts added from the corporate directory on any client appear in the contact list on all supported clients. Personal contacts are specific to each client. Text messaging from Cisco Unified Mobile Communicator is supported only with other Cisco Unified Mobile Communicator clients.
Configuring Essential Settings for Presence Integration

Create an Application User account in order to allow Cisco Unified Mobility Advantage to access Cisco Unified Presence to obtain presence information for users.
4-1
Chapter 4 Configuring Essential Settings for Presence Integration
Restrictions

The Proxy domain of the Cisco Unified Presence server should be the same as the domain of the Cisco Unified Mobility Advantage server. All users on the Cisco Unified Mobility Advantage server must be configured on a single Cisco Unified Presence server. However, those users can see the presence of users on other Cisco Unified Presence servers in the same cluster.
Before You Begin
Make sure that you have configured Cisco Unified Presence to support all of the functionality that is not specific to Cisco Unified Mobile Communicator but that users will also use in Cisco Unified Mobile Communicator. For example, if availability status will be drawn from the Exchange calendar of each user, follow the instructions in the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange. Your Cisco Unified Presence deployment and all users must already be configured and functioning properly. For complete information about configuring Cisco Unified Presence, see the documentation for that product, at http://cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html.
Procedure
Sign in to the Cisco Unified Presence Administration Admin Portal. Select User Management > Application User. Select Add New. Enter the Application User Information in the appropriate fields. This must be a unique account assigned for exclusive use by a single Cisco Unified Mobility Advantage server.
Select Standard Presence Group for the Presence Group. Add the group Admin-CUMA in the Groups field under Permissions Information. Select Save. Select System > Security > Incoming ACL to set the Access Control List. Select Add New. Enter a description. Enter the IP address of the Cisco Unified Mobility Advantage server in the Address Pattern field. Select Save.
What To Do Next

If you have a backup Cisco Unified Presence server that you will specify in Cisco Unified Mobility Advantage, configure an identical Application User account on that server. If you will use a secure connection between Cisco Unified Mobility Advantage and Cisco Unified Presence, you will need to configure security on both servers. See How To Configure Server Security for Cisco Unified Presence, page 4-3.
4-2
Chapter 4
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage How To Configure Server Security for Cisco Unified Presence
If you will integrate with Cisco MeetingPlace or Cisco MeetingPlace Express, make sure that you have enabled Outlook integration in Cisco Unified Presence. See the documentation for Cisco Unified Presence, for example the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange at http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/ExchInt.ht ml.
How To Configure Server Security for Cisco Unified Presence

Secure connections between internal servers are not required by default for Cisco Unified Mobility Advantage to operate. However, your corporate security policies may require them. We suggest that you verify that presence features function properly before you introduce server security to your configuration. This approach will simplify troubleshooting should it be necessary. This procedure set describes one option for configuring server security, using self-signed certificates.

Configuring Server Security for Cisco Unified Presence, page 4-3 Downloading Certificates from Cisco Unified Presence, page 4-4 Configuring the TLS Context on Cisco Unified Presence, page 4-4
Configuring Server Security for Cisco Unified Presence

You must perform some of these steps after you install Cisco Unified Mobility Advantage.
Procedure
Do This
Step 1
In Cisco Unified Mobility Advantage, create a Creating Security Contexts, page 9-7. Security Context that specifies Trusted Certificates for the Trust Policy. You can use this Security Context for all enterprise servers that have the same security requirements. If you will follow the instructions for the Configuration Wizard you can use the cuma Security Context.
Step 2
In the Enterprise Adapter for Cisco Unified Presence, select TLS as the Transport Type, then specify the Security Context that you created in an earlier step in this table. In Cisco Unified Presence, require secure communications.
Viewing and Changing Enterprise Adapter Settings, page 10-4. About Cisco Unified Presence Enterprise Adapter Settings, page A-10
Configuring the TLS Context on Cisco Unified Presence, page 4-4
Generate a self-signed certificate from Cisco Unified Downloading Self-Signed Certificates from Mobility Advantage. Cisco Unified Mobility Advantage, page 9-11. Import this certificate to the trust store of the Cisco Unified Presence server. Importing Certificates into Cisco Unified Operating System Servers, page 3-16.
4-3
Chapter 4 How To Configure Server Security for Cisco Unified Presence
Do This
Step 6 Step 7
For Instructions, See Downloading Certificates from Cisco Unified Presence, page 4-4 Importing Self-Signed Certificates from Trusted Servers, page 9-10
Generate a certificate from Cisco Unified Presence. Import this certificate to the trust store of Cisco Unified Mobility Advantage.
Downloading Certificates from Cisco Unified Presence

Perform this procedure only if your IT security policies require Cisco Unified Mobility Advantage to require a self-signed certificate from Cisco Unified Presence. This procedure generates the required certificates.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11
Sign in to Cisco Unified Operating System Administration on the Cisco Unified Presence server. Select Security > Certificate Management. Select Find to display the list of certificates. Select sipproxy.pem. Select Download and save the file to your local computer. Return to the list of certificates, Select tomcat.pem. Select Download and save the file to your local computer. Return to the list of certificates, Select PresenceEngine.pem. Select Download and save the file to your local computer.
What To Do Next
Perform remaining required steps in How To Configure Server Security for Cisco Unified Presence, page 4-3.
Configuring the TLS Context on Cisco Unified Presence

Perform this procedure only if your IT security policies require the Cisco Unified Presence server to require a self-signed certificate from Cisco Unified Mobility Advantage.
Before You Begin
Upload the certificate from Cisco Unified Mobility Advantage to the Cisco Unified Presence server. See Importing Certificates into Cisco Unified Operating System Servers, page 3-16.
Procedure
Step 1
Sign in to Cisco Unified Presence Administration.
4-4
Chapter 4
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring Additional Settings for Presence Integration
Select System > Security > TLS Context Configuration. Select Find. Select Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context. Select the Cisco Unified Mobility Advantage certificate in the list of available TLS peer subjects. Move this TLS peer subject to Selected TLS Peer Subjects. Select Save. Select Cisco Unified Presence Serviceability > Tools > Service Activation. Restart the Cisco Unified Presence SIP Proxy service.
What To Do Next
Perform remaining required steps in How To Configure Server Security for Cisco Unified Presence, page 4-3.
Configuring Additional Settings for Presence Integration

Procedures
To
Step 1
Do This
Configure an enterprise adapter for Cisco Unified For new installations: Presence You will configure this adapter while running the Configuration Wizard. See Configuring the Connection to Cisco Unified Presence, page 7-19. For upgrades from Release 3.x or for existing deployments: See Chapter 10, Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage and About Cisco Unified Presence Enterprise Adapter Settings, page A-10.
Step 2
Enable the presence feature in Cisco Unified Mobility Advantage
For new installations: You will configure this while running the Configuration Wizard. For upgrades from Release 3.x or for existing deployments: See Enabling Exchange of Presence, page 12-5.
4-5
Chapter 4 Configuring Additional Settings for Presence Integration
To
Step 3
Do This See Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24 See Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6. Pay special attention to the Before You Begin section.
Create a presence account for each user in Cisco Unified Communications Manager Allow presence display to reflect user meeting schedules
Step 4
Related Topics
How to Solve Problems with Availability Status (Presence), page 19-14
4-6
CH A P T E R
Upgrading Cisco Unified Mobility Advantage

Upgrade Sequence, page 5-1 How to Upgrade Release 3.0.4 to Release 3.0.9, page 5-1 How to Upgrade Release 3.0.9 to Release 3.1.2, page 5-4 How to Upgrade Release 3.1.2 to Release 7.0(1), page 5-7 Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19
Upgrade Sequence
Each release upgrades only from the release that immediately preceded it. If you are upgrading from a release that did not immediately precede the release you are installing, you must sequentially upgrade each release. Follow the instructions in each applicable section of this chapter.
How to Upgrade Release 3.0.4 to Release 3.0.9

To upgrade Cisco Unified Mobility Advantage from Release 3.0.4 to Release 3.0.9, upgrade the Managed Server and Cisco Unified Mobility Advantage Proxy Server applications only. Do not upgrade the operating system.

Completing Preinstallation Steps Installing the Server Applying Changes Completing the Upgrade
Completing Preinstallation Steps

Procedure
Step 1 Step 2
Sign in as root on the machine on which Cisco Unified Mobility Advantage Server is installed. Open a command terminal.
5-1
Chapter 5 How to Upgrade Release 3.0.4 to Release 3.0.9
Step 3
Sign in as an "informix" user and create a backup directory for the database export: su - informix mkdir /tmp/cumabk
Step 4
As root, stop the Cisco Unified Mobility Advantage Servers (Proxy Server, Enterprise Server, Node Manager Server, and Managed Server): /sbin/service cuma_proxy stop /sbin/service cuma_cuma stop /sbin/service cuma_nm stop /sbin/service cuma_admin stop
Step 5
Back up the configuration files located under $CUMAROOT/conf/admin/ directory. The default $CUMAROOT is /opt/cuma. The following examples use /opt/cuma, Replace /opt/cuma with your install directory. cd /opt/cuma/conf cp -R admin /tmp/cumabk/
Step 6
Back up the database startup script file /etc/init.d/cuma_db: cp /etc/init.d/cuma_db /tmp/cumabk/ Stop the Cisco Unified Mobility Advantage Servers and take an export dump of the database by executing the following commands as an "informix" user on the server where the database is installed: su - informix export INFORMIXDIR=/opt/cuma/informix export INFORMIXSERVER=mcs export PATH=$PATH:/opt/cuma/informix/bin cd $INFORMIXDIR/bin dbexport cumcsdb -ss -o /tmp/cumabk
Step 7
Step 8
Back up the orative.keystore file on the Managed Server to a temporary location: cp /opt/cuma/conf/orative.keystore /tmp/cumabk/
Installing the Server

Procedure
Step 1
Sign in as root and uninstall the Cisco Unified Mobility Advantage Server Release 3.0.4 without uninstalling the underlying database by invoking the uninstaller program using the following command: /opt/cuma/Uninstall/uninstall -DIDS=false -i silent As root, install the Cisco Unified Mobility Advantage Server Release 3.0.9 without reinstalling the database:
Step 2
5-2
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.0.4 to Release 3.0.9
Caution
You must be running an X-client if you are installing remotely. If you need an X-client, use WRQ Reflection. cd $cd_image_root/Disk1 (the default location is: cd /media/cdrom/Disk1) ./install.bin -DIDS=false
Step 3
Restore the backed up configuration files to the new installation location: cd /tmp/cumabk cp -R admin /opt/cuma/conf/ Enter Yes for all the overwrite prompts cp orative.keystore /opt/cuma/conf cp cuma_db /etc/init.d/
Step 4
Register the database so that it starts automatically, and then restart the database if it has not already been started: /sbin/chkconfig --add cuma_db /sbin/service cuma_db start
Applying Changes
Procedure
Step 1
Copy the jtapi jar file that corresponds to the version of Cisco Unified Communications Manager installed in your system to the lib directory on the Managed Server. The following example is for Cisco Unified Communications Manager version 6.0: cp /opt/cuma/var/jtapi/6/cisco_jtapi-6.jar /opt/cuma/jboss-4.0.1sp1/server/cuma/lib/ Start the Cisco Unified Mobility Advantage Admin Server and Node Manager Server: /sbin/service cuma_admin start /sbin/service cuma_nm start
Step 2
Completing the Upgrade

Procedure
Step 1
Sign in to the Cisco Unified Mobility Advantage Admin Portal. For example, http://mycompany.com:7080/adminportal. Upload the orative.keystore file that you backed up earlier to the server. You may need to download this file to your PC first before uploading it to the server.
Step 2
5-3
Upload the Cisco Unified Mobile Communicator .oar files in the Admin Portal. This must be done even if there are no new .oar files. Start the Managed Server. Uninstall Cisco Unified Mobility Advantage Release 3.0.4 from the Proxy Server, and then install Release 3.0.9. Use the old SSL keystore file and ports that you originally used for the Proxy Server installation. Make sure the Managed Server is running, and then start the Proxy Server.
Step 6
How to Upgrade Release 3.0.9 to Release 3.1.2

To upgrade Cisco Unified Mobility Advantage, upgrade the Cisco Unified Mobility Advantage Server and Cisco Unified Mobility Advantage Proxy Server applications only. Do not upgrade the operating system.

Completing Preinstallation Steps Installing the Server Applying Changes Completing Upgrade Tasks
Completing Preinstallation Steps

Procedure
Before you begin the upgrade, make sure that you have up-to-date port configuration information for the Cisco Unified Mobility Advantage Server and the Cisco Unified Mobility Advantage Proxy Server. Sign in as root on the machine where the Proxy Server is installed. Open a command terminal. As root, stop the Proxy Server: /sbin/service cuma_proxy stop Sign in as root on the machine where the Cisco Unified Mobility Advantage Server is installed. Open a command terminal. Sign in as an "informix" user and create a backup directory for the database export: su - informix mkdir /tmp/cumabk exit
Step 8
As root, stop the Cisco Unified Mobility Advantage Server, Node Manager Server, and Managed Server: /sbin/service cuma_cuma stop /sbin/service cuma_nm stop /sbin/service cuma_admin stop
5-4
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.0.9 to Release 3.1.2
Step 9
Back up the configuration files located under $CUMAROOT/conf/admin/ directory. The default $CUMAROOT is /opt/cuma. The following examples use /opt/cuma. Replace /opt/cuma with your install directory. cd /opt/cuma/conf cp -R admin /tmp/cumabk/
Step 10
Back up the database startup script file /etc/init.d/cuma_db: cp /etc/init.d/cuma_db /tmp/cumabk/ Stop the Cisco Unified Mobility Advantage Servers and take an export dump of the database by executing the following commands as an "informix" user on the server where the database is installed: su - informix export INFORMIXDIR=/opt/cuma/informix export INFORMIXSERVER=mcs export PATH=$PATH:/opt/cuma/informix/bin cd $INFORMIXDIR/bin dbexport cumcsdb -ss -o /tmp/cumabk
Step 11
Step 12
Back up the orative.keystore file on the Managed Server to a temporary location: cp /opt/cuma/conf/orative.keystore /tmp/cumabk/ Back up the .WAR files: cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/blackberry-admin.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/symbian-admin.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/blackberry-user.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/blackberry-user.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/symbian-user.war /tmp/cumabk
Step 13
Installing the Server

Procedure
Step 1
Sign in as root and uninstall the Cisco Unified Mobility Advantage Server Release 3.0.9 without uninstalling the underlying database by invoking the uninstaller program using this command: /opt/cuma/Uninstall/uninstall -DIDS=false -i silent As root, install the Cisco Unified Mobility Advantage Server Release 3.1.2 without reinstalling the database:
Step 2
Caution
You must be running an X-client if you are installing remotely. If you need an X-client, use WRQ Reflection. cd $cd_image_root/Disk1 (the default location is: cd /media/cdrom/Disk1) ./install.bin -DIDS=false
5-5
Step 3
Restore the backed up configuration files to the new installation location: cd /tmp/cumabk cp -R admin /opt/cuma/conf/ Enter Yes for all the overwrite prompts cp orative.keystore /opt/cuma/conf cp cuma_db /etc/init.d/
Step 4
Restore the backed up .WAR files: cp /tmp/cumabk/blackberry-admin.war /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/ cp /tmp/cumabk/symbian-admin.war /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/ cp /tmp/cumabk/blackberry-user.war /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/ cp /tmp/cumabk/symbian-user.war /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/
Step 5
Register the database so that it starts automatically, and then restart the database if it has not already been started: /sbin/chkconfig --add cuma_db /sbin/service cuma_db start
Applying Changes
Procedure
Step 1 Step 2
Sign in as a root user on the server that is running Cisco Unified Mobility Advantage. Open a command terminal and edit the following file using the vi editor: vi /opt/cuma/conf/admin/admin.xml Change the value of node <vm_system_email_pattern> in <voicemail_from_email_filter> for  to: .*?(UNITY|unity|VPIM|vpim) .* Add node after <move_on_delete>true</move_on_delete> in <voicemail_from_email_filter> for : <voice_introduction>introduction</voice_introduction> Open a command terminal and edit the following file using the vi editor: vi /opt/cuma/conf/admin/managed_server.xml Change the value of node <vm_system_email_pattern> in <voicemail_from_email_filter> for  to: .*?(UNITY|unity|VPIM|vpim) .* --Add node after <move_on_delete>true</move_on_delete> in <voicemail_from_email_filter> for : <voice_introduction>introduction</voice_introduction> Start the Cisco Unified Mobility Advantage Admin Server and Node Manager Server.
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
5-6
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)
/sbin/service cuma_admin start /sbin/service cuma_nm start
Completing Upgrade Tasks

Procedure
Sign in to the Cisco Unified Mobility Advantage Admin Portal. For example, http://mycompany.com:7080/adminportal. Upload the orative.keystore file that you backed up earlier to the server. You may need to download this file to your PC first before uploading it to the server. Upload the Cisco Unified Mobile Communicator .oar files in the Admin Portal. This must be done even if there are no new .oar files. Go to Enterprise Adapters and select Edit for the Cisco Unified Communications Manager adapter. Make sure the Cisco Unified Communications Manager version is set properly. Select Submit on the Cisco Unified Communications Manager adapter page whether or not you make any changes. Start the Managed Server. Uninstall Cisco Unified Mobility Advantage Release 3.0.9 from the Proxy Server, and then install Release 3.1.2. Use the old SSL keystore file and ports that you originally used for the Proxy Server installation. Make sure the Managed Server is running, and then start the Proxy Server.
Step 9
How to Upgrade Release 3.1.2 to Release 7.0(1)

To upgrade Cisco Unified Mobility Advantage release 3.1.2 to release 7.0(1), perform the following sets of operations:

How to Prepare To Upgrade, page 5-7 How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade, page 5-10 Adding New Functionality, Client Software, and Users After Upgrade, page 5-16
How to Prepare To Upgrade

Preinstallation Tasks, page 5-8 Saving the SSL Certificate from the Proxy Server, page 5-8 Creating a Backup File of Your Release 3.1.2 Data, page 5-9
5-7
Chapter 5 How to Upgrade Release 3.1.2 to Release 7.0(1)
Preinstallation Tasks
Perform these tasks even if you will upgrade to Release 7.0(2).
Caution
We recommend that you install Cisco Unified Mobility Advantage Release 7.0(1) on a new server. Installing Release 7.0(1) formats the hard drive.
Procedures
Task Obtain necessary firewall ports from your IT security department. Port requirements have changed for Cisco Unified Mobility Advantage Release 7.x. If you will reuse the signed certificate from your Proxy Server on the Cisco Adaptive Security Appliance: Perform the first procedure required to reuse the signed certificate from your Release 3.1.2 Proxy Server on the Cisco Adaptive Security Appliance. You will complete the processes required to reuse the certificate after you install Release 7.0(1).
For Information, See Opening Firewall Ports, page 1-5
Saving the SSL Certificate from the Proxy Server, page 5-8
If you cannot reuse the signed certificate from (For New Installations) How to Obtain and Import your Proxy Server on the Cisco Adaptive Security the Cisco Adaptive Security Appliance-to-Client Appliance: Certificate, page 2-10. Obtain a new certificate for the Cisco Adaptive Security Appliance. Create a backup file of Release 3.1.2. Creating a Backup File of Your Release 3.1.2 Data, page 5-9
Notify users that existing voicemail notifications will no longer appear on their mobile devices after you install the upgrade. However, the messages are still available from Microsoft Exchange or Outlook, and from the Telephone User Interface (TUI).
Saving the SSL Certificate from the Proxy Server

In Cisco Unified Mobility Advantage Release 7.x, a Cisco Adaptive Security Appliance performs the functions that the Proxy Server performed in Release 3.1.2. If you meet the restrictions for this section, you can reuse the certificate from the Proxy Server on the Cisco Adaptive Security Appliance. (The certificate on the Managed Server will be transferred automatically during the upgrade.)
5-8
Chapter 5
Restrictions
The hostname of the Cisco Unified Mobility Advantage server in Release 7.0(1) must be the same as the hostname of the Managed Server in Release 3.1.2 (and the same as the hostname on the certificate.) You must know your certificate password. For security reasons, it is not possible to discover this password from Cisco Unified Mobility Advantage. If you do not know this password, you may be able to obtain a replacement certificate from the Certificate Authority; visit their web site to learn your options.
Before You Begin
If your situation does not meet the restrictions above, skip the rest of this section and follow the instructions in (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.
Procedure
Step 1
Note the password for the certificate on your Proxy Server. Certificate From Proxy Server Your Password
Step 2
Locate the keystore file on the Proxy Server. The file is located in: /opt/cuma/conf/orative.keystore Copy the keystore file from the Proxy Server to a safe location.
Step 3
What To Do Next
After you install the upgrade, do the following in order:

1. 2. 3.
Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14 (For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8
Creating a Backup File of Your Release 3.1.2 Data

This backup captures your Release 3.1.2 data for import later into your Release 7.0(1) installation. This procedure is required for all upgrades.
Before You Begin
We recommend storing your backup on an SFTP server, but you can also use an FTP server or a tape backup system. Make sure the volume can accommodate the backup file, which will be 600-700 MB.
5-9
Procedure
Step 1 Step 2
Obtain a copy of the Cisco Unified Mobility Advantage 7.x installation DVD. Copy the cuma_backup_restore.sh backup script located on the DVD to the Cisco Unified Mobility Advantage 3.1.2 server. The backup script is located on the DVD at: ${DVD_MOUNT_POINT}/RedHat/APPRPMS/cuma_backup_restore.sh As root, execute the following script to create a backup tar.gz file of the Cisco Unified Mobility Advantage 3.1.2 server: ./cuma_backup_restore.sh -b /opt/cuma /tmp/mybackup This command creates a backup tar file /tmp/mybackup.tar.gz on the Cisco Unified Mobility Advantage 3.1.2 server. For example: cuma_backup_restore.sh [-b <cuma_dir> {backup_file}] [-r <restore_file>] [-v <restore_file]

Step 3
-b Creates a backup of cuma_dir. If backup_file is not specified, then a unique time stamped backup file will be created in /common. -r Restores a backup, specified by restore_file. -v Displays the server version of the restore_file.
Caution
If you will install Release 7.0(1) on this server, do not leave the .tar file on this server. You will import this data file at the end of the Release 7.0(1) install process.
What To Do Next
Run the installer to perform the upgrade. See Chapter 6, Installing Cisco Unified Mobility Advantage.
How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade
Because of changes in port configuration and in the way server security, presence, and voicemail integration are provided in Cisco Unified Mobility Advantage Release 7.x, your existing deployment will not work after upgrade until you make configuration changes. We recommend that you make the required configurations to restore your Release 3.x functionality before you configure new features and devices. This approach will simplify troubleshooting should it be necessary.

Configuring Release 7.x to Run With Release 3.x Functionality, page 5-11 Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14 Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15
5-10
Chapter 5
Configuring Release 7.x to Run With Release 3.x Functionality

After you run the installer, perform the following steps to run Cisco Unified Mobility Advantage with Release 3.x functionality.
Restriction
The following must be true:

Your enterprise servers have not changed. The hostname of the Cisco Unified Mobility Advantage server is the same as the Managed Server.
Before You Begin
Install the upgrade to Release 7.0(1). See Chapter 6, Installing Cisco Unified Mobility Advantage.
Procedure
Do This
Step 1
For Information, See Logging In to the Admin Portal, page 8-1 Note that in Cisco Unified Mobility Advantage Release 7.x the Admin Portal port is fixed at 7080. You obtained these ports in Opening Firewall Ports, page 1-5.
Sign in to the Admin Portal using your credentials from Release 3.1.2. Select System Management > Network Properties and specify the required port numbers, if they are different from the defaults.
Step 2
Step 3
Prepare the required certificate to be presented to If you will use the existing certificate from the the clients. Proxy Server:

See Uploading the Proxy Server Certificate to Release 7.x, page 5-13 and then Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14
If you must obtain a new certificate signed by a Certificate Authority:
How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8
Step 4
Determine whether you can re-use a signed certificate from the Managed Server, if you had one in Release 3.1.2. If you can reuse the certificate, you do not need to do anything in order to use it.
See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15. If the Managed Server did not have a signed certificate that you want to reuse, see Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15 Chapter 2, Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage
Step 5
Configure the Cisco Adaptive Security Appliance.
5-11
Do This
Step 6
For Information, See

(For Cisco Unified Communications Manager Release 7.x only) Update the Cisco Unified Communications Manager adapter: Select cuma for the Security Context. Create the Cisco Unity or Cisco Unity Connection adapter. The voicemail integration has changed for Cisco Unified Mobility Advantage Release 7.x; the voicemail settings used in Cisco Unified Mobility Advantage Release 3.x will not work for Release 7.x.
Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Adding a New Enterprise Adapter, page 10-3 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14 Enabling and Configuring Voicemail, page 12-4
Step 7
Step 8
Start Cisco Unified Mobility Advantage using the single control in Server Controls > Cisco > Control Server. Notify existing users of Release 3.x clients that:

Step 9
BlackBerry users should upgrade their client software. Users of Nokia Symbian phones who use the French, German, Spanish, or Italian client do not need to upgrade from Release 3.x. Users of Nokia Symbian phones who use the English version of the client should upgrade to client Release 7.0 in order to use the new features. However, they cannot use the standard upgrade procedure. Instead, they must delete their existing phones from the User Portal, then add their phones again as new phones. When they sign in to the new client, their data will be restored on the new client. For best results, they should connect to the server immediately before they delete their phones in order to ensure that no data that was added to their client since the last connection is lost. If voicemail credentials are not the same as Cisco Unified Mobile Communicator credentials, they must set their voicemail usernames and passwords in the User Portal before they can access voicemail from their mobile devices. They can access their voicemail from other standard methods regardless, such as from their desk phones.
Step 10
Verify that Release 3.x functionality is working properly with existing Release 3.x clients. Note that the availability feature will not work until you add Cisco Unified Presence in a later section.
Add new functionality. Add new users and devices. Have users of client Release 3.x for Nokia Symbian phones upgrade to client Release 7.x.
Adding New Functionality, Client Software, and Users After Upgrade, page 5-16
Uploading the Proxy Server Certificate to Release 7.x

In Cisco Unified Mobility Advantage Release 7.x, the Cisco Adaptive Security Appliance performs the same function that the Proxy Server provided in Release 3.x. If you choose to re-use the certificate from the Proxy Server on the Cisco Adaptive Security Appliance, you must perform several procedures in order to convert the certificate.
5-12
Chapter 5
In order to convert the Proxy Server certificate for use on the Cisco Adaptive Security Appliance, you must first create a security context to store certificate and then upload it. You do not need to upload the Managed Server certificate; it is uploaded automatically during the upgrade.
Before You Begin
You must have performed the procedure in Saving the SSL Certificate from the Proxy Server, page 5-8.
Procedure
Sign in to the Admin Portal using your password from Release 3.1.2. Select Security Context Management > Security Contexts. Select Add Context. Select Upload for Do you want to create/upload a new certificate? Enter information: Option Context Name Description Certificate Type Trust Policy Client Authentication Policy Certificate Value Enter information that describes the certificate, such as its source and type (signed.) JKS Keep the default. Keep the default. Navigate to and choose the Proxy Server certificate that you saved before performing the upgrade. Enter the password.
Certificate Password
Step 6
Select Submit.
What To Do Next
Perform the procedure in Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14.
Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance
You must download and modify this certificate before you can upload it to the Cisco Adaptive Security Appliance.
Before You Begin

Perform the procedure in Uploading the Proxy Server Certificate to Release 7.x, page 5-13. Obtain OpenSSL software. For information, visit www.openssl.org.
5-13
Procedure
Step 1
Download the certificate file that was originally on the Proxy Server from Cisco Unified Mobility Advantage Release 7.0(1) and save it with a .p12 extension:
a. b.
Select Security Context Management > Security Contexts. Select Download in the row of the Security Context that holds the former Proxy Server certificate. The file downloads in PKCS12 format. Save the file. Change the filename extension from .keystore to .p12.
c. d. Step 2
Convert the PKCS12 file to PEM format using OpenSSL: You can run OpenSSL commands through an SSH session on any Linux machine, such as the Cisco Unified Mobility Advantage Release 3.1.2 managed server or Proxy Server. Run the following OpenSSL command: openssl pkcs12 -in your_p12cert.p12 -out your_pemcert.pem Open the PEM file in WordPad. Identify each section of the PEM file: This PEM file generally includes several certificates, each clearly marked with BEGIN CERTIFICATE and END CERTIFICATE labels:

Step 3 Step 4
The server certificate that you must manipulate using the rest of the steps in this procedure, along with its private key information. An intermediate certificate that you will copy and paste into the Cisco Adaptive Security Appliance command-line interface later. If this certificate is not included, you can obtain it later from your Certificate Authority web site. The root certificate that you will copy and paste into the Cisco Adaptive Security Appliance command-line interface later. If this certificate is not included, you can obtain it later from your Certificate Authority web site.
Step 5
Copy and save the private key section, including the following lines, to a new text file (for example, yourserver_key.txt). --BEGIN ENCRYPTED PRIVATE KEY-----END ENCRYPTED PRIVATE KEY---Copy and save the server certificate, including the following lines, to a new text file (for example, yourserver_cert.txt). --BEGIN CERTIFICATE-----END CERTIFICATE---Use OpenSSL to combine the key and certificate text files into a new file in PKCS12 format: openssl pkcs12 -in yourserver_cert.txt -inkey yourserver_key.txt -nodes -passin pass:<cert_password> -passout pass:<cert_password> -export -out sslout.p12
Step 6
Step 7
Step 8
Convert the output file to base64: openssl base64 -in sslout.p12 -out ssl64.p12
5-14
Chapter 5
What To Do Next

Obtain any applicable intermediate and root certificates from the web site of your Certificate Authority, if they were not included in the PEM file in this procedure. Upload all required certificates to the Cisco Adaptive Security Appliance using the procedure in (For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8.
Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance
If the Managed Server (as distinct from the Proxy Server) had a certificate that was signed by a recognized Certificate Authority (this release supports VeriSign and GeoTrust), this certificate was automatically uploaded into the cuma Security Context in Cisco Unified Mobility Advantage Release 7.0(1) during the upgrade. If the hostname of the Cisco Unified Mobility Advantage server after upgrade is the same as the hostname of the Managed Server in Release 3.1.2 (and on the certificate), you can reuse this signed certificate for Cisco Unified Mobility Advantage Release 7.x without any further action. If the Managed Server did not have a signed certificate, you have several options:
You can generate a self-signed certificate from Cisco Unified Mobility Advantage for import into the Cisco Adaptive Security Appliance. Users will see an untrusted certificate warning when they access the User Portal, but this warning does not prevent access or represent an actual security risk. You can also choose to obtain and deploy a new signed certificate now. You use a self-signed certificate for initial testing and then obtain and deploy a signed certificate later.
Before You Begin
Determine whether you need to perform this procedure. See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.
Procedure
Select Security Context Management > Security Contexts in the Admin Portal. Select Manage Context beside the cuma security context. Select Download Certificate. Open the certificate in WordPad (not Notepad.) Copy the certificate text.
Related Topics

Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5 How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12 About Secure Connections and SSL Certificates, page 9-1
5-15
Explanation of Security Contexts, page 9-4 How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12
What To Do Next
Import this certificate into the Cisco Adaptive Security Appliance. See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12.
Adding New Functionality, Client Software, and Users After Upgrade

After you have verified that the upgrade has been successful, add new features and new users as desired.
Restrictions
See the Restrictions and Limitations in the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html. Note that there may be separate release notes for the client and for the server. Some features require certain versions of enterprise servers. See the System Requirements in the Compatibility Matrix at http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html. New features are available only for Release 7.x clients.
Before You Begin
If you are upgrading to Release 7.0(2), install that upgrade before you complete this section. See Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19.
Procedure
Do This
Step 1
Create additional security contexts, if desired, and Chapter 9, Managing Server Security in manage any additional certificates. Cisco Unified Mobility Advantage. During the upgrade, the certificate that was on the Managed Server in Release 3.1.2 is uploaded and a security context named cuma is created for it. Its Trust Policy defaults to All Certificates, and Client Authentication Policy defaults to None. You can assign this Security Context to any and all enterprise adapters that you create, so that you do not need to import or export certificates. You can change security requirements later to require certificates for added security.
5-16
Chapter 5
Do This
Step 2
Configure settings for Cisco Unified Chapter 3, Configuring Cisco Unified Communications Manager, including the Dial Via Communications Manager for Use With Office and integrated call logs features. Cisco Unified Mobility Advantage
a. b.
Configure Cisco Unified Communications Manager. Update the adapter in the Enterprise Configuration > Enterprise Adapter pages in the Admin portal. See information about the fields in the appendix. Be sure to specify a Security Context. For Release 7.0(2), enter the Web Services information. For Release 7.0(1), enter the SOAP information.
Be sure to complete the following for each feature you want to enable:

Operations in Before You Begin sections. Operations in What To Do Next sections.
c. d.
Enable the call log monitoring and Dial via Office features and choose options. Configure users in Cisco Unified Communications Manager and in Cisco Unified Mobility Advantage. You are using Cisco Unified Communications Manager Release 7.x. There are existing users of the Release 3.x client on Nokia Symbian phones who will migrate to Release 7.x of the client. These users will use the same mobile phone number with client Release 7.x. How to Configure Cisco Unified Communications Manager for Each User and Device, page 3-19
Step 3
If the following are true:

Then you must delete the existing Remote Destination profile in Cisco Unified Communications Manager, then configure the user and device following the instructions for Release 7.x.
Step 4
If you will integrate with Cisco Unified Presence: Chapter 4, Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage a. Configure the Cisco Unified Presence server.
b.
Create the enterprise adapter. Be sure to specify a Security Context. Enable the availability feature. Configure each user.
Be sure to complete the following:

Operations in any Before You Begin sections. Operations in any What To Do Next sections. Procedures in Additional Required Configurations sections.
c. d.
Step 5
If you will integrate with Cisco Unified Enabling Conference Notifications, page 12-5 MeetingPlace or Cisco Unified MeetingPlace Express so that users receive alerts when meetings are about to begin, enable notifications.
5-17
Chapter 5 Upgrading from Release 7.0(1) to Release 7.0(2)
Do This
Step 6
For Information, See Uploading a Cisco Unified Mobile Communicator Release, page 13-2
Upload the new .oar file to Cisco Unified Mobility Advantage.
Specify the service providers and phones that you Determining Supported Devices and Service will support. Providers, page 13-2 Activate new users.
Activating Users, page 14-1
Ensure that user access will not be blocked when For the system: Cisco Unified Mobility Advantage checks for Enabling Device ID Checking, page 12-1 Device IDs. For each user: By default, Release 3.x clients cannot connect. You must disable either the system-level checking Restricting Access By Device, page 14-2 or the setting for each user. Restart Cisco Unified Mobility Advantage.

Step 10
Stopping Cisco Unified Mobility Advantage, page 11-1 Starting Cisco Unified Mobility Advantage, page 11-1 User documentation for Cisco Unified Mobile Communicator for Nokia Symbian at http://cisco.com/en/US/products/ps7271/prod ucts_user_guide_list.html Chapter 17, Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 16, Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Chapter 17, Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones
Step 11
Have users of client Release 3.x for Nokia Symbian phones upgrade to client Release 7.x.
Step 12
Provision new users.
Step 13
Give users the information they need to use Cisco Unified Mobile Communicator.
Information to Give to Users, page 14-3
Upgrading from Release 7.0(1) to Release 7.0(2)

Follow the instructions in this procedure whether you are upgrading from an existing installation of Release 7.0(1) or you have just installed Release 7.0(1) in preparation to upgrade to Release 7.0(2). You can upgrade to Cisco Unified Mobility Advantage Release 7.0(2) while Release 7.0(1) continues to operate. Two partitions exist on the server: an active, bootable partition and an inactive, bootable partition. The system boots up and operates entirely on the partition that is marked as the active partition. You install the upgrade on the inactive partition. The system continues to function normally while you are installing the software. When you are ready, you activate the inactive partition and reboot the system with the newly upgraded software. The current active partition becomes the inactive partition after the system restarts. The current software remains in the inactive partition until the next upgrade. Your configuration information migrates automatically to the upgraded version in the active partition.
5-18
Chapter 5
Upgrading Cisco Unified Mobility Advantage Upgrading from Release 7.0(1) to Release 7.0(2)
If for any reason you decide to back out of the upgrade, you can restart the system to the inactive partition that contains the older version of the software. However, you will lose any configuration changes that you made since upgrading the software.
Before You Begin
If this is a new installation of Cisco Unified Mobility Advantage and you have just installed Release 7.0(1), do both of the following before you upgrade to Release 7.0(2):
Complete the Configuration Wizard in Release 7.0(1) See Using the Configuration Wizard in
Cisco Unified Mobility Advantage, page 7-1.

Start Cisco Unified Mobility Advantage and verify that it is running.
If you are upgrading from Release 3.x:

Upgrade, if necessary, to Release 3.1.2 using the appropriate procedures in this chapter. Prepare to upgrade to Release 7.0(1): Perform the procedures in How to Prepare To Upgrade,
page 5-7.
Upgrade to Release 7.0(1). See Chapter 6, Installing Cisco Unified Mobility Advantage. Perform essential operations after upgrading to Release 7.0(1): See How to Configure Release
7.x to Run with Release 3.x Functionality After Upgrade, page 5-10.
Stop the server and verify that the server is not running before you continue. See Stopping
Cisco Unified Mobility Advantage, page 11-1.

If you will upgrade from an image of the installer that is on a remote filesystem, make sure that you have SFTP access to the image. Back up your data. See Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3. If you download the Cisco Unified Mobility Advantage software from Cisco.com, copy or note the MD5 value in the table on the page from which you download the image.
Procedure
If you will upgrade using a DVD, insert the DVD into the disc drive of the Cisco Unified Mobility Advantage server. Go to the sign-in page of the Admin Portal. Select Cisco Unified OS Administration from the list box in the top right corner of the window. Select Go. Sign in using your platform administrator credentials. Select Software Upgrades > Install/Upgrade. Choose the location of the installer image from the Source list box. Enter required information:
5-19
Chapter 5 Upgrading from Release 7.0(1) to Release 7.0(2)
Field Directory
Installations From DVD Directory on the DVD that holds the installer.
Installations From Remote Filesystem Directory on the SFTP server that holds the installer.
If the file is in the root directory, enter a If the file is in the root directory, enter a slash (/). slash (/). Server User Name User Password Transfer Protocol
Hostname or IP address of the SFTP server Credentials for an account that has access to the SFTP server. Choose SFTP.
Select Next. Choose the software image to install, if prompted, then select Next. Wait for the software to download, if you are installing from a remote volume. This may take some time. If you are installing from a remote volume, verify that the MD5 Hash Value that you see in the window matches the MD5 value on the page from which you downloaded the software image. Choose one of the following:
Step 12 Step 13
5-20
Chapter 5
Upgrading Cisco Unified Mobility Advantage Upgrading from Release 7.0(1) to Release 7.0(2)
To Reboot immediately after upgrade and make the new software active.
Do This
1. 2. 3.
Choose Reboot to upgraded partition. Select Next. Wait for the system to reboot. This may take some time. The system does not notify you when the process is complete.
4.
Sign in to the Admin Portal when it is available. Choose Do not reboot after upgrade. Select Next. Scroll down periodically in the Installation Log and look for a message that the process is complete. This process may take some time. Select Finish.
a. Sign into the Cisco Unified OS Administration page with your
Install the upgrade and then manually reboot later to the upgraded partition.
1. 2. 3.
4.
To activate the upgrade: platform credentials.

b. Choose Settings > Version. c. Select Switch Version. d. Wait for the system to reboot.
This may take some time. The system does not notify you when the process is complete.
e. Try periodically to access the Admin Portal.
Related Topics
For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage, page 19-22
What To Do Next

If this is an upgrade from Release 3.1.2: Follow the procedures in Adding New Functionality, Client Software, and Users After Upgrade, page 5-16. If you are upgrading from Release 7.0(1):
You do not need to change existing Release 7.0(1) configurations unless you are adding or
changing functionality or enterprise servers.

Upload the new .oar file for the latest client software. See How to Make Client Software
Available for Use, page 13-1.

Restart Cisco Unified Mobility Advantage.
5-21
CH A P T E R
Installing Cisco Unified Mobility Advantage

Use the following procedure to install the operating system and Cisco Unified Mobility Advantage Release 7.0(1) on the Cisco MCS server.
Note
If you are installing Release 7.0(2), you must first install, configure, and successfully start Release 7.0(1), then upgrade to Release 7.0(2). This is true even if you install on a Cisco MCS server that was not supported under Release 7.0(1).
Before You Begin
Caution
The server on which you install Cisco Unified Mobility Advantage will be reformatted during the installation.
For Upgrades from Release 3.1.2 to Release 7.0(1)
Do These Things Perform the procedures in How to Prepare To Upgrade.
6-1
Chapter 6
For New installations of Release 7.x
Do These Things
Perform the following procedures:

Chapter 1, Preparing to Install or Upgrade Cisco Unified Mobility
Advantage.
Chapter 2, Configuring the Cisco Adaptive Security Appliance (ASA)
for Use With Cisco Unified Mobility Advantage (Except certificate operations that cannot be performed before installing Cisco Unified Mobility Advantage and the sections on TLS and MMP.)
Chapter 3, Configuring Cisco Unified Communications Manager for
Use With Cisco Unified Mobility Advantage (Except certificate operations that cannot be performed before installing Cisco Unified Mobility Advantage.)
(If applicable) Chapter 16, Deploying Cisco Unified Mobile
Communicator on BlackBerry Devices

Note the values in the Your Value column of all tables in the installation
procedure.
Procedure
Insert the Cisco Unified Mobility Advantage DVD into the DVD-ROM drive of the server on which you are going to install Cisco Unified Mobility Advantage. Boot the computer from the DVD. Select Yes to perform a media check on the DVD. The media check can take up to 10 minutes. If the media check fails, contact Support. Select OK on the Product Deployment panel. Verify the Cisco Unified Mobility Advantage version to be installed and note that the hard disk will be overwritten. Select Yes to continue. Select Proceed on the Platform Installation Wizard panel to begin the installation. Select whether to import data from a 3.x Cisco Unified Mobility Advantage version:

Select No if this is a new installation, then Continue. Select Yes if you want to perform an upgrade and you have created a 3.1.2 backup file. You will import the backup file later in this procedure. Select Back, then Cancel if you are upgrading and you have not yet made a backup data file. Make the backup file, then start the installer again.
Step 9
Set the Time zone for the system:

a. b. c.
Scroll through the list of time zones. Select the time zone that best represents the location of this server. Select OK.
6-2
Chapter 6
Step 10 Step 11
Select Yes on the Auto Negotiation Configuration screen to enable automatic negotiation of ethernet NIC speed and duplex. Select No for Dynamic Host Configuration Protocol (DHCP) Configuration. You will enter a static address in the next screen. Enter Static Network Configuration values for this server. All fields are required. Field Host Name IP Address IP Mask GW Address Description Host name of this machine (do not include the domain) IP address assigned to the host Subnet mask for the host IP address of the default gateway Your Value
Step 12
Select OK. Select Yes to enable Domain Name System (DNS) Client. Enter values: Field Primary DNS Secondary DNS Domain Description IP address of the primary DNS server (Optional) IP address of the secondary DNS server Domain component of the FQDN Your Value
Step 16 Step 17
Select OK. Enter values for the platform Administrator Login: Field Administrator ID Description Administrator ID to sign in to the computer. (This is distinct from the Cisco Unified Mobility Advantage Admin Portal sign-in information.) This does not need to match any existing value. Password Confirm Password The password for the Administrator ID. Confirm the password for the Administrator ID. Your Value
Step 18
Enter your company information for the certificate information. This information is used internally by the platform and is not relevant to any other certificate procedure in this guide. There are no restrictions on these values. Select OK. Select Yes to set up external Network Time Protocol servers.
Step 19 Step 20
6-3
Chapter 6
Note
We recommend synchronizing the date and time of the server automatically using Network Time Protocol (NTP). A time server (computer that sends accurate date and time settings to other servers through the network) must be available to use NTP.
a.
Enter the NTP server host name or IP address in the NTP Server field. Description Host name or IP address of the NTP server with which to synchronize the Cisco Unified Mobility Advantage server. Your Value
Field NTP Server
b. Step 21
Select OK,
Enter the correct date and time to set the hardware clock. You must do this even if you synchronize the clock using an NTP server. Enter a security password for the internal database.
Step 22
Field Database password

Description Enter any value.
Your Value
Select OK. Select No for the SMTP Host Configuration. (For upgrades only) Retrieve your backup data:
a. b.
Select the Data Migration Retrieval Mechanism that matches your backup. Enter the backup file location and information. The table below assumes you used the recommended SFTP for your backup. Values are case-sensitive:
Setting Remote Server Name or IP Remote File Path Remote File Name Remote Login ID Remote Password Confirm Password
c. Step 26
Description Host name or IP address of the SFTP server that has the Release 3.1.2 backup file Directory on the server that contains the Release 3.1.2 backup file Release 3.1.2 backup filename User sign-in ID used for SFTP file transfer User password used for SFTP file transfer Confirm user password
Your Value
Select OK.
Enter a password for accessing the Cisco Unified Mobility Advantage Admin Portal.
6-4
Chapter 6
Setting
Description
Your Value (The user ID is always Admin.)
Cisco Unified Mobility Password required to sign in to the Cisco Unified Mobility Advantage Admin Portal. Advantage Administrator password This does not need to match any existing value. For upgrades, this information will be ignored. Use your password from the previous release.
Step 27 Step 28
Select OK. Select OK to complete the installation. This is your last opportunity to cancel the installation. Formatting begins, and then the installation starts. The installation can take from 45 minutes to one hour to complete. The server will reboot at least once. You will see a message when installation is complete. Wait a few minutes for the system to be ready for you to sign in to the Admin Portal.
Step 29
What To Do Next

If this is a new installation, whether or not you plan to upgrade to Release 7.0(2): Follow the instructions in Using the Configuration Wizard in Cisco Unified Mobility Advantage, page 7-1. If this is an upgrade from Release 3.x to Release 7.0(1): Follow the instructions in How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade, page 5-10.
Do not run the configuration wizard if you are performing an upgrade.
6-5
Chapter 6
6-6
CH A P T E R
Using the Configuration Wizard in Cisco Unified Mobility Advantage

After you install, configure Cisco Unified Mobility Advantage using the configuration wizard.

Logging in to the Admin Portal for the First Time, page 7-1 How to Use the Configuration Wizard, page 7-2 Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25 Performing Additional Required Procedures, page 7-25
Logging in to the Admin Portal for the First Time

Before You Begin
Make sure that you have the Cisco Unified Mobility Advantage Administrator password you specified during installation.
Procedure
Step 1
Enter the following URL into a supported web browser: http://hostname or IP Address of the Cisco Unified Mobility Advantage server:7080/adminportal For example: http://mycompany.com:7080/adminportal
Step 2
Enter the password The username is admin; you cannot change it. Select Login. Select Next to start the configuration wizard.
Step 3 Step 4
Troubleshooting Tip
If you see a Page Not Found error, the system may not yet be ready. Try waiting a few more minutes.
7-1
Chapter 7 How to Use the Configuration Wizard
How to Use the Configuration Wizard

The Configuration Wizard prompts you through the steps required to configure Cisco Unified Mobility Advantage for your system. The main sections of the configuration wizard are:

Configuring Security Context Management, page 7-2 Configuring the Connection to Active Directory, page 7-5 Configuring the Connection to Microsoft Exchange, page 7-11 Configuring the Connection to the Voicemail Server, page 7-12 Configuring the Connection to Cisco Unified Communications Manager, page 7-16 Configuring the Connection to Cisco Unified Presence, page 7-19 Viewing Configuration Summaries for Connections to Enterprise Servers, page 7-20 Completing the System Configuration Screen, page 7-20 Configuring Server Setup Network Configuration, page 7-21 Uploading the Client Software to the Server, page 7-23 Managing Provisioning Options, page 7-24 Finishing the Configuration Wizard, page 7-24
Caution
Gather, note, and print the information you will need to complete this Configuration Wizard. See Preparing Information Required for Installation and Configuration, page 1-6.
Note
Do not select the Back button in your browser window or you will lose any unsaved information you have entered.
Tip
You can stop running the wizard at any time and your changes will be saved. When you next sign in, the wizard will resume where you stopped.
Configuring Security Context Management

Security Contexts manage security policies and server identity-verification certificates for connections between Cisco Unified Mobility Advantage and other enterprise servers. Configuring server security can be quite complicated. The simplest recommended configuration is documented here. After Cisco Unified Mobility Advantage is up and running and you have verified that all functionality and features are working correctly, you can modify the security configuration if you require greater security. You will create two Security Contexts in this procedure. Use one for the relationship with the Cisco Adaptive Security Appliance and use the other for relationships with all other enterprise servers. You will configure these relationships later in the Configuration Wizard when you configure the adapters for each enterprise server.
7-2
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Before You Begin
Obtain the ISO country code for the country where your company is located. Visit http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_ele ments.htm.
Procedure
Step 1 Step 2
Select Create for Do you want to create/upload a new certificate? Enter information. All information is required. Field Context Name Description Trust Policy Client Authentication Policy Certificate Password Server Name Values For The First Security Context Enter cuma Enter trusted_certificates Select Trusted Certificates Select None. Your Value cuma trusted_certificates Trusted Certificates None
Enter the password you want to assign to this certificate. The password must be at least six characters in length. Note this password in a safe place. You may need it later. Enter the fully qualified hostname of this server.
Department Name Enter the name of the department that will be using Cisco Unified Mobility Advantage, if restricted to one department. This value must match the OU value you entered when you generated the Certificate Signing Request for the signed certificate from the Cisco Adaptive Security Appliance. Company Name City State Enter your company name. Enter the city where the department or company is located. Enter the state or province where the city is located. For locations in the United States and Canada, the Certificate Authorities require that you spell out the full name. For example: California (not CA). For other locations, there are no restrictions on this value. Country Code Enter the two-letter ISO country code for the country where the company is located.
Step 3 Step 4
Select Next. Ignore this instruction: Please submit a request to the certificate signing authority (CSA) with the following CSR and select Next. You see this question: Is there any certificate that needs to be imported? Select No. Select Next.
Step 5 Step 6
7-3
Step 7 Step 8
Select Yes to the question Do you want to create one more context? Select Next. The Security Context is created with a self-signed certificate. You will return to this later. Select Next. Select Create for Do you want to create/upload a new certificate? Enter information: Field Context Name Description Trust Policy Client Authentication Policy Certificate Password Server Name Values for The Second Security Context Enter cuma_trust_all Enter trust_all_certificates. Select All Certificates Select None
Enter the password you want to assign to this certificate. The password must be at least six characters in length.
This information should be the same as for the Security Context you just Department Name configured. Company Name City State Country Code
Select Next. Skip this instruction: Please submit a request to the certificate signing authority (CSA) with the following CSR. Select Next. Select No to the question: Is there any certificate that needs to be imported? Select Next. Select No to the question Do you want to create one more context? Select Next. The Security Context is created with a self-signed certificate. You will return to this later. Select Next.
Step 19
Related Topics
Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25
7-4
Chapter 7
Configuring the Connection to Active Directory

Active Directory acts as both the repository for corporate contact information and the authenticating authority for user sessions. Configure Cisco Unified Mobility Advantage to communicate with Active Directory.
Note
Accept the default values where they appear unless you have specific reasons to change them.
Procedure
Step 1
Select and enter your corporate directory server information: Field Corporate Directory Type Adapter Name Description Description Select Active Directory. Other directory types are not supported in this release. Enter a name you want to assign to the corporate directory adapter. Enter a description for the corporate directory adapter.
Step 2 Step 3
Select Next. Enter the host name or IP address of the corporate directory server: Field Active Directory Hostname or IP Address Active Directory Port LDAP port of the corporate directory server. Cisco Unified Mobility Advantage uses this port to connect to the corporate directory for user directory listing and searches. Default is 389. The wizard attempts to detect this port; if successful, do not change it. Description Hostname or IP address of the Active Directory server. Your Value
Step 4 Step 5
Select Next. Select a Base DN from the list or select Edit if to add or modify the Base DN:
7-5
Field Base DN
Description Distinguished name of the root node in your corporate directory server. This is the level in the corporate directory hierarchy at which Cisco Unified Mobility Advantage starts searches. If you are deploying Cisco Unified Mobility Advantage for the entire company, set this value to the base level for the company. For example: DC=example,DC=com If you are deploying Cisco Unified Mobility Advantage for a single organizational unit, you may choose the base level for this organizational unit. For example: OU=Sales,DC=example,DC=com Microsoft recommends that Organizational Units be limited to fewer than 1000 entries.
Your Value
Step 6 Step 7
Select Next. Change the additional information that appears, if necessary. Field Filter Criteria Description Criteria that distinguish employees from other resources in Active Directory, such as conference rooms that can be invited to meetings. Do not change the default value unless you have a specific reason to do so. Follow Referral Determines if Cisco Unified Mobility Advantage follows referrals from the authoritative Active Directory server to cascaded Active Directory servers, for example for subdomains, when searching. The default value is True. Polling Period (days) Frequency (in days) with which Cisco Unified Mobility Advantage checks the corporate directory server for updates. The default is 1 day. Your Value
7-6
Chapter 7
Field Phone Number Format
Description The format you enter here must match the format of the following phone numbers:
Your Value
For releases of Cisco Unified Communications Manager later than 4.x: The primary directory number for each person in Cisco Unified Communications Manager. For Cisco Unified Communications Manager Release 4.x: Phone numbers in Active Directory in the attribute you specify for the Work Phone field in the Advanced Settings described in the table below.
Be careful not to include any extra spaces, especially at the beginning or end of your number format. The correct phone number format enables the system to identify callers by name if the phone numbers in your Active Directory do not use the North American Numbering Plan. By default, Cisco Unified Mobility Advantage formats numbers using the North American Numbering Plan, (###) ###-####, where each # represents a digit. Up to ten digits will be formatted according to this pattern, starting from the right. Therefore:
If a number has five digits (for example, 12345), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 1-2345. If a number has six digits (for example, 123456), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 12-3456.
If you do not use any punctuation at all, the number format for the same number of digits as the default would be ##########. If you need to change this value after Cisco Unified Mobility Advantage is running, restart Cisco Unified Mobility Advantage after you make this change. Connection Type Type of connection to use between Cisco Unified Mobility Advantage and the Active Directory server. Select SSL for secure connections. Select Plain for nonsecure connections. This should match the connection type that Active Directory requires. Security Context This field appears if you selected SSL for Connection Type. Select the cuma_trust_all Security Context that you created at the beginning of the wizard.
Step 8 Step 9
Select Next. Enter information for the account that Cisco Unified Mobility Advantage Server uses to read data from your corporate directory server:
7-7
Field Admin DN
Description Enter the distinguished name of the account that Cisco Unified Mobility Advantage uses to read data from your corporate directory server. For example: CN=CUMA Read Only User,CN=Users,DC=department,DC=example, DC=com This account must have at least read-only permissions in your corporate directory server. It must also have a valid Exchange mailbox.
Your Value
Password Append Base DN
The password for the Admin DN account. If you entered the short form of the Admin DN (Domain name/User ID) instead of the long form including the container name, check the box to append the Base DN to the Admin DN.
Step 10
Select Next. You see the fields in Active Directory that hold directory information for each user. Field Distinguished Name Description Attribute name in Active Directory that represents the distinguished name of a user. For example: distinguishedName First Name Attribute name in Active Directory that represents the first name of a user. For example: givenName Last Name Attribute name in Active Directory that represents the last name of a user. For example: sn User ID Attribute name in Active Directory that represents the corporate name of a user. For example: sAMAccountName Email Attribute name in Active Directory that represents the email address of a user. For example: mail Your Value
Step 11 Step 12
Select Edit only if you have a specific reason to change the default values. Select Next.
7-8
Chapter 7
You see information that Cisco Unified Mobility Advantage uses to determine which Microsoft Exchange server at your company holds the information for each user: Field Contact Adapter Description Enter the name of the attribute within the corporate directory that identifies the logical Exchange server resource name for a user. For example: msExchHomeServerName DNS Host Name Enter the name of the attribute within the corporate directory that identifies the DNS host name of a server machine. For example: dNSHostName Your Value
7-9
Field Contact Adapter DN Mask
Description Enter a mask for the Contact Adapter DN value. The format of the DN Mask is: ??,CN=Computer,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage will use the value of the Contact Adapter field (entered above) in combination with this DN Mask to search for the DNS hostname of a user's Exchange Server. ?? is substituted with the CN=<hostname of the Exchange server>. The following part is used to complete the DN. This complete string is then used to retrieve details about the user's Exchange host. The hostname is retrieved from Active Directory using the Contact Adapter attribute of the user entry. Contact Adapter (msExchHomeServerName). For example, if in Active Directory for user test1, the msExchHomeServerName is "myExchange" and the DN Mask is configured as ??, CN=Computer, DC=myDivision, DC=somecompany, DC=com, then the Cisco Unified Mobility Advantage Enterprise server will lookup the following entry in Active Directory to get details about the Exchange server and use it to store personal contacts of the test1 user: CN=myExchange, CN=Computer, DC=myDivision, DC=somecompany, DC=com
Your Value
Contact Adapter Search Base
Enter the Distinguished Name of the root node that contains your Exchange Server's information in your corporate directory. For example: CN=Computers,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage searches the Exchange Server from this root node. Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance if the directory is very large. Microsoft retrieves up to 1000 results per search.
Select Edit only if you have a specific reason to change the default values. Select Next. Review the information on the Corporate Directory Configuration Summary screen. To change any setting, select Reset. Otherwise, select Next.
7-10
Chapter 7
Configuring the Connection to Microsoft Exchange

Cisco Unified Mobility Advantage uses Microsoft Exchange for:

Directory Lookup for personal contacts of users Caller identification of people who are in the personal contact list of users Triggering meeting notifications
Configure Cisco Unified Mobility Advantage to communicate with the Exchange server.
Procedure
Step 1
Select or enter personal contact server information. Field Personal Contact Server Type Adapter Name Description Description Select MS Exchange 2000/2003. Other personal contact servers are not supported in this release. Enter a name that you want to assign to this adapter. Enter a description for this adapter.
Step 2 Step 3
Select Next Enter information: Field Description If Microsoft Exchange is clustered, use the hostname associated with the Outlook Web Access (OWA) bridgehead. Transport Type TLS is the secure transport type. Select TLS if Exchange is running SSL. TCP is the nonsecure transport type. Select TCP if Exchange is not running SSL. Your Value
Hostname/IP Address The hostname or IP address of the Exchange server.
Step 4 Step 5
Select Next. Enter information: Field Port Description The port used to connect the Cisco Unified Mobility Advantage Server to the Exchange server. This is the Outlook Web Access (OWA) port of the Exchange server. The default port for SSL connections is 443. The default port for non-SSL connections is 80. Your Value
7-11
Field Exchange Domain
Description The domain for this instance of the Exchange server. For example, CORP. This is the domain that users use when logging into their Windows desktops.
Your Value
User Name Suffix
The suffix that is appended to usernames to complete corporate email addresses. Leave this field blank unless you have a specific reason to change it, for example if you have email addresses with subdomains such as sales.yourcompany.com that resolve to a single domain such as yourcompany.com. If email addresses cannot be determined from Active Directory, obtain this value from your Exchange administrator. This suffix must be a fully qualified DNS domain name. It is often, but not always, yourcompany.com. Do not include the @ character.
Step 6 Step 7
Select Next. Specify whether Cisco Unified Mobility Advantage will integrate with your conferencing application (Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express): Field Enable Conference Integration Description Specify whether or not to provide conference notifications to Cisco Unified Mobile Communicator users. Your Value
Polling Period (sec) These values apply when you integrate Cisco Unified Mobility Advantage with your conferencing system. Max Threads Polling Offset (min)
Do not change the default values.
Select Next. Review the information on the summary screen. To change any setting, select Reset. Select Next.
Configuring the Connection to the Voicemail Server

Procedure
Step 1 Step 2
Select Yes to configure a voicemail adapter if Cisco Unified Mobility Advantage will connect to Cisco Unity or Cisco Unity Connection. Select Next.
7-12
Chapter 7
Step 3
If you selected Yes, continue with this procedure. If you selected No, skip the rest of this procedure.
Select or enter the voicemail server information: Field Description
Voicemail Adapter Select the type of voicemail server that your company uses. For example, Cisco Unity. Type Adapter Name Description
Step 4 Step 5
Enter a name that you want to assign to the voicemail adapter. Enter a description for the voicemail adapter.
Select Next. Enter information: Field IMAP Information Unity Exchange Hostname/IP Address For Cisco Unity: Hostname of the Exchange server. If you have users on more than one Exchange server, create a separate Cisco Unity adapter for each Exchange server. For Cisco Unity Connection: IP address of the Cisco Unity Connection server. If you have users on more than one Cisco Unity Connection server, create a separate adapter for each Cisco Unity Connection server. Transport Type Choose the connection type for connections to the Exchange server (for Cisco Unity) or to the Cisco Unity Connection server. This setting must match the setting on the Exchange or Cisco Unity Connection server. Select TLS for secure connections (SSL on Exchange or TLS on Cisco Unity Connection). Select TCP for nonsecure connections. Security Context You see this option only if you chose TLS as the Transport Type and you are connecting to Cisco Unity Connection. Choose cuma_trust_all. Description Your Value
7-13
Field Port
Description If Transport Type is TCP:

Your Value
For Cisco Unity: Default is 143. For Cisco Unity Connection: Default is 7993 For Cisco Unity: Default is 993 For Cisco Unity Connection: Default is 7993
If Transport Type is TLS:

Polling Period (sec)
Enter the frequency with which Cisco Unified Mobility Advantage checks for new voice messages. The default is every 600 seconds. Very frequent polling may impact performance.
Are the Voicemail Select Yes if the user ID and password for the user account on the voicemail system are the same as in Active Directory. credentials for the user the same as the Select No otherwise. corporate credentials? Unity Version This field applies only if you are connecting to Cisco Unity. Select the Unity server version. If your version is Cisco Unity 7.x, enter the following SOAP information. SOAP Information Information in this section applies only if you are connecting to Cisco Unity Version is Release 7.x. Unity Host Name/ IP Address Enter the host name or IP address of the Cisco Unity server. This may or may not be the same as the Unity Exchange Host Name/IP Address which hosts the voice messages that are retrieved by IMAP, which you entered above. Select TLS for SSL connections. Select TCP for nonsecure connections. This must match the connection type you specify in Cisco Unity. Port Unity Backup Host Name/ IP Address Application User Name Enter the SOAP port. The default port for TLS is 443, and the default for TCP is 80. Enter the host name or IP address of a back up Cisco Unity server if you have one. Enter the Unity Application User ID. This is the same user ID that you use to sign in to the Cisco Unity Administration page.
Transport Type
Application Password Enter the Password for the Unity Application User.
7-14
Chapter 7
Field Domain
Description Enter the Microsoft Exchange or NT domain of the Cisco Unity inbox.
Note
Your Value
This is not the Fully Qualified Domain Name domain.
Additional Information Security Context Choose cuma_trust_all.
Step 6 Step 7
Select Next. Accept the default values for the following fields unless you have specific reason to change them. Field Phone number search field name Phone number search pattern Description Field to search the phone number of a caller. Default is Subject. We recommend that you do not change the default value. Regular expression for the search pattern that should be used in the Phone Number Search Field Name field. This information is used to identify callers by matching information from Cisco Unity and Cisco Unified Communications Manager with existing contact information in Exchange and Active Directory. Default is the regular expression [0-9]{4,} We recommend that you do not change the default value. Your Value
Step 8 Step 9
Select Next. Select options for voicemail integration. Field Enable Corporate Voicemail Integration Maximum Expiry of Voicemails (days) Description Determine whether or not the Cisco Unified Mobility Advantage Server integrates with your corporate voicemail system and provides voice message viewing and listening capabilities on Cisco Unified Mobile Communicator. The maximum number of days that voice messages will be listed in the client. Default is 30. Your Value
Step 10 Step 11
Select Next. Review the information on the summary screen. To change any setting, select Reset.
7-15
Step 12
Select Next.
Configuring the Connection to Cisco Unified Communications Manager

Configure Cisco Unified Mobility Advantage to integrate with Cisco Unified Communications Manager to provide call-related features such as unified call logs, MobileConnect, and Dial via Office. Available features and exact configuration depend on your version of Cisco Unified Communications Manager.
Before You Begin
You will need the following information:

The usernames and passwords for the CTI-enabled super user accounts you created in Creating CTI-Enabled Super User Accounts, page 3-3. (For Cisco Unified Communications Manager Release 5.x through 7.x) The AXL User ID and password in Configuring Standard AXL API Access to Retrieve User Information, page 3-5. (For Cisco Unified Communications Manager Release 4.x) The Directory Lookup rules you will need. You determined these in Preparing Information Required for Installation and Configuration, page 1-6.
Procedure
Select Yes at the prompt to configure a call control adapter. Select Next. Enter information: Field Call Control Server Type Adapter Name Description Description Select Cisco Unified Communications Manager. Enter a name of your choice. Enter a description.
Step 4 Step 5
Select Next. Enter information for Cisco Unified Communications Manager. The exact fields you see depend on the Cisco Unified Communications Manager version. Be sure to scroll down in the wizard to see all fields. Field Address Information Primary Host Name Enter the hostname or IP address of the primary Cisco Unified Communications Manager server on which you configured the CTI-enabled super user account or accounts. Primary Server Port Enter the port used to communicate with the primary Cisco Unified Communications Manager server. The default is 5060. Description Your Value
7-16
Chapter 7
Field
Description
Your Value
Backup Host Name (Optional) Enter the backup server host name or IP address. Backup Server Port Enter the port used to communicate with the backup Cisco Unified Communications Manager server. CTI User Credentials User Name Enter the CTI-enabled super user you created in Cisco Unified Communications Manager. If you created more than one super user, select Add More to add each. Password SIP Information Transport Type Select TLS for secure connections. Select TCP for normal connections. Select UDP for connections without error correction. The default transport type is TCP. This must match the setting in the CUMA Server Security Profile on the Cisco Unified Communications Manager server. Communications Manager Version Select the version of Cisco Unified Communications Manager. Enter the password or passwords associated with the user ID or names above.
For Release 7.0(1): SOAP Information (In the Admin Portal in Release 7.0(2), this label is Web Services Information) The following fields appear only if you choose Cisco Unified Communications Manager Release 7.x. Https Port Enter the SIP port number of the Cisco Unified Communications Manager server. This is often the same secure port that runs the Cisco Unified Communications Manager Administration page. Cisco Unified Communications Manager runs the AXL interface on this port. The default is 8443. User Name Enter the Cisco Unified Communications Manager Application User ID to which you assigned standard AXL API access. Enter the Password for the user in the row above. This field appears only if you selected TLS for Transport Type. Select cuma_trust_all.
Step 6
Password Security Context
Additional Information
Select Next.
7-17
Select Next on the Dial Rule Instructions page if you are using any version of Cisco Unified Communications Manager other than Release 4.x. (For Cisco Unified Communications Manager Release 4.x only) Enter the directory lookup rules you planned earlier. Select Next. Select options for Cisco Unified Communications Manager integration. Field Enable Corporate PBX Integration Description Select Yes:

To allow users to view in Cisco Unified Mobile Communicator lists of calls they make and receive on all of their office phones To enable the Dial via Office feature.
Select No to allow users to view in Cisco Unified Mobile Communicator only the calls they make and receive on Cisco Unified Mobile Communicator, and to disable the Dial via Office feature. Enable Dial Via Office This option is available only for Cisco Unified Communications Manager Release 7.x and only if you enable corporate PBX integration. Select Yes to enable the Dial via Office feature on Cisco Unified Mobile Communicator. To enable Dial Via office, both "Enable Corporate PBX Integration" and "Enable Dial Via Office" must be set to Yes. Dial Via Office Policy This option is available only for Cisco Unified Communications Manager Release 7.x, and only if you enable Dial Via Office. Select User Option to allow users to choose whether to use the Dial via Office feature for dialing calls. Select Force Dial Via Office to require all users to dial all calls as if they were coming from the office. Dial Via Office Emergency Numbers This option is available only for Cisco Unified Communications Manager Release 7.x, and only if you enable Dial Via Office. Enter phone numbers that will always be dialed directly from the mobile phone and never be dialed via the office. These can be emergency numbers or other numbers such as directory information numbers. For example, in the United States these might include 911 and 411. Maximum Expiry of Call Logs (days) Indicates the maximum value that a user can select for the number of days within which call logs will be sent to the client. Default is 30.
Step 11 Step 12
Select Next. Review the information on the summary screen. To change any setting, select Reset. The Dial Rule Configuration section is referring to the Directory Lookup configuration.
7-18
Chapter 7
Step 13
Select Next.
Configuring the Connection to Cisco Unified Presence

This server allows Cisco Unified Mobile Communicator users to see the availability status of other users. Configure Cisco Unified Mobility Advantage to communicate with Cisco Unified Presence to provide this service.
Procedure
Step 1 Step 2
Choose Yes if you want to integrate Cisco Unified Mobility Advantage with a Cisco Unified Presence server. Select Next.

If you selected Yes, continue with this procedure. If you selected No, skip the rest of this procedure.
Step 3
Enter the Cisco Unified Presence Server adapter information: Field CUP Server Type Adapter Name Description Description Select Cisco Unified Presence. Enter a name that you want to assign to the Cisco Unified Presence Server adapter. Enter a description for the Cisco Unified Presence Server adapter.
Step 4 Step 5
Select Next. Enter information: Field Description Your Value
Host Name/IP Address Hostname or IP address of the Cisco Unified Presence server to which all Cisco Unified Mobility Advantage users are assigned. Port Port on which Cisco Unified Mobility Advantage will communicate with Cisco Unified Presence. (The port of the SOAP Web Service interface that Cisco Unified Presence listens on to accept user sign-in requests.) The default is 8443. Backup Host Name/ IP Address (Optional) Hostname or IP address of the backup Cisco Unified Presence Server, if you have one.
Application User Name The user ID of the Application User you created in Cisco Unified Presence for Cisco Unified Mobility Advantage.
7-19
Field Application Password Security Context

Step 6 Step 7
Description Password for this Application User. Select cuma_trust_all.
Your Value
Select Next. Accept the default SIP settings for the Cisco Unified Presence Server, unless you have specific reasons to change them. Field Default Subscription Interval Transport Type Description Default is 3600. Default is TCP. If you configured Cisco Unified Presence to require a TLS connection, you must select TLS here. Listen Port Min Connections Max Connections Max Load Per Connection Default is 5060. Default is 5. Default is 20. Default is 200. Your Value
Select Yes to enable users to share availability status information. Select Next. Review the information on the summary screen. To change any setting, select Reset. Select Next.
Viewing Configuration Summaries for Connections to Enterprise Servers

Procedure
Step 1 Step 2
Select the Host Name/IP Address of any server for which you want to view a configuration summary. Select Next when you are satisfied with your configurations. You see the System Configuration screen
Completing the System Configuration Screen

The System Configuration screen allows you to determine the Cisco Unified Mobility Advantage Server domain information and SMTP server information. The Cisco Unified Mobility Advantage Server uses the SMTP server to send out device provisioning to BlackBerry clients.
7-20
Chapter 7
Before You Begin
The SMTP Server must allow relaying from Cisco Unified Mobility Advantage. For information, contact your SMTP server administrator or see the documentation for your SMTP server.
Procedure
Step 1
Enter information: Field

General
Description Enter a domain name for this instance of the Cisco Unified Mobility Advantage Server. This forms the address of the Cisco Unified Mobile Communicator user. For example: cisco.com This should match the Proxy domain of the Cisco Unified Presence server.
Your Value
Domain
Session Timeout Enter the number of days after which users must sign in again to Cisco Unified Mobile Communicator. (days)
SMTP Server Configuration
Host Name
Enter the hostname of your SMTP gateway. This must be the same as your Exchange hostname if you use the Exchange server as your SMTP gateway. Enter the port number for the SMTP gateway. Usually, this is 25. Specify whether or not your organization requires authentication for access to the SMTP server. Enter the email address of the Cisco Unified Mobility Advantage administrator. Cisco Unified Mobility Advantage uses this email address to send provisioning messages and alerts to users.
Port Authentication Required Admin Email
SMTP Authentication Password

Step 2
If you selected True for Authentication Required, enter the password associated with the account you entered for the Admin Email address in the previous row of this table.
Select Next.
Configuring Server Setup Network Configuration

Configure Cisco Unified Mobility Advantage to communicate with the Cisco Adaptive Security Appliance and Cisco Unified Mobile Communicator clients.
7-21
Before You Begin

You will need the Proxy Host Name that you obtained in Obtaining IP Addresses and DNS Names from IT, page 1-3. You will need the port numbers you obtained in Opening Firewall Ports, page 1-5.
Procedure
Step 1
Enter information: Field Proxy Host Name Description Host name that clients will use to connect through the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage. You obtained this value when you completed preinstallation steps. The hostname must be routable from the Internet. The Proxy Host Name should resolve to the external IP address that you received from your IT administrator. Proxy Client Connection Port Enter the port that is used for secure communication between the Cisco Unified Mobile Communicator client and the Cisco Adaptive Security Appliance. Enter the port through which clients connect to the Cisco Adaptive Security Appliance for wireless downloads of Cisco Unified Mobile Communicator. For BlackBerry-only deployments: This field is not used for BlackBerry clients if you will distribute the client software only through the BlackBerry Enterprise Server. However, you must enter a value. Enter any number within the allowed range. Managed Server Information Client Connection Port Enter the port that Cisco Adaptive Security Appliance uses to connect to Cisco Unified Mobility Advantage. The Cisco Adaptive Security Appliance translates this port to the Proxy Client Connection Port for Cisco Unified Mobile Communicator client connections to the Cisco Adaptive Security Appliance. User Portal Port Enter the port users will use to access the Cisco Unified Mobile Communicator User Portal. The range is 9400-9500. The default value is 9443. For security, this port should be available only behind your corporate firewall. Your Value
Proxy Server Information
Proxy Client Download Port
7-22
Chapter 7
Field Client Download Port
Description The port on which users will download the client software. This port is translated to the Proxy Client Download Port for client connections to the Cisco Adaptive Security Appliance. For BlackBerry-only deployments: This field is not used for BlackBerry clients if you will distribute the client software through the BlackBerry Enterprise Server. However, you must enter a value. Enter any number within the allowed range.
Your Value
Security Context
Select the cuma Security Context that you created at the beginning of the wizard.
Step 2
Select Next. The Server Setup Summary screen appears. Review the information. To change information, select Reset. Select Next.
Step 3 Step 4
Uploading the Client Software to the Server

You must upload the Cisco Unified Mobile Communicator client software onto the Cisco Unified Mobility Advantage server for distribution to user devices. All client software for this release is distributed in a single file with a .oar filename extension.
Before You Begin
Obtain the Cisco Unified Mobile Communicator software .oar file for this release. Cisco Unified Mobile Communicator is provided on a separate CD from Cisco Unified Mobility Advantage, or you can download it from Cisco.com. The CD or downloaded software file contains Cisco Unified Mobile Communicator software for supported mobile phone technologies and information for configuring supported phones. You should be looking at the Handset Platform Management window in the Configuration Wizard.
Procedure
Step 1 Step 2
Browse to or enter the location of the Cisco Unified Mobile Communicator software. Select Next. When the upload is successful, you see a list of the handset platforms and versions of Cisco Unified Mobile Communicator now installed in Cisco Unified Mobility Advantage.
Step 3
Select Next.
7-23
Managing Provisioning Options

Choose the country, mobile phone service providers, and supported handset models your deployment will support.
Procedure
Select the arrow beside a country to view the supported mobile service providers in that location. Select the arrow beside a provider to view the devices that provider supports. Select the country, mobile phone service providers, and supported handset models for your deployment. Checking a box selects each box in the list under that entity, whether or not you see the list. Uncheck boxes as needed, or start by checking each device to support. Windows Mobile is currently available in English only. On Nokia Symbian phones, Release 7.0 is available in English, while French, German, Spanish, and Italian are supported in Release 3.x. BlackBerry clients have separate installers for each supported language:

de = German en = English es = Spanish fr = French it = Italian
Step 4
Select Next.
Finishing the Configuration Wizard

The Summary screen displays your Cisco Unified Mobility Advantage settings.
Procedure
Review the configuration summary. Select Reset under any area to make changes to that area. Select Finish. Select No if you see a prompt to start the Managed Server (Cisco Unified Mobility Advantage).
What To Do Next
Continue with the remaining sections in this chapter.
7-24
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage Downloading the Self-Signed Certificate (After Running the Configuration Wizard)
Downloading the Self-Signed Certificate (After Running the Configuration Wizard)

You must import this certificate into the Cisco Adaptive Security Appliance.
Procedure
Sign in to the Cisco Unified Mobility Advantage Admin Portal. Select Security Context Management. Select Security Contexts. Select Manage Context beside the cuma security context. This is the first Security Context you created above. Select Download Certificate. Save the file.
Step 5 Step 6
What To Do Next
See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage.
Performing Additional Required Procedures

Before Cisco Unified Mobile Communicator clients can connect, you must also perform the following procedures in order.
Procedure
To Complete essential security configuration. Depending on the security requirements of your other enterprise servers, download certificates from Cisco Unified Mobility Advantage and import them into the relevant servers. Start Cisco Unified Mobility Advantage Activate users
More Information All remaining procedures in Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance.

Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11. Importing Certificates into Cisco Unified Operating System Servers, page 3-16. For other enterprise servers (such as Active Directory or Cisco Unity), see the documentation for those servers.

Activating Users, page 14-1 Restricting Access By Device, page 14-2
7-25
Chapter 7 Performing Additional Required Procedures
To Provision devices
More Information

Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 16, Deploying Cisco Unified Mobile Communicator on BlackBerry Devices
Give users the information Information to Give to Users, page 14-3 they need in order to use Cisco Unified Mobile Communicator Consider obtaining and deploying a signed certificate on the Cisco Unified Mobility Advantage server This is recommended but not required, and you can do it later, after your system is running and you have tested it. See About Required and Recommended SSL Certificates, page 9-2.
7-26
CH A P T E R
Accessing Cisco Unified Mobility Advantage

Revised Date: May 4, 2009
Use the Cisco Unified Mobility Advantage Admin Portal to manage Cisco Unified Mobility Advantage and Cisco Unified Mobile Communicator. There is no command-line interface access for this release.

Logging In to the Admin Portal, page 8-1 How to Change the Admin Portal Password, page 8-2
Logging In to the Admin Portal

The Cisco Unified Mobility Advantage Admin Portal is accessible using these web browsers:

Internet Explorer 6.0 Mozilla Firefox 1.5
You can sign in to the Admin Portal from any computer that has access to the server. The portal is designed for viewing at 96 DPI.
Procedure
Step 1
Open a web browser and enter the Admin Portal URL: http://hostname or IP address of your Cisco Unified Mobility Advantage server:7080/adminportal For example: http://mycompany.com:7080/adminportal
Step 2
Enter the Admin user ID and password. The username is admin and cannot be changed. Select Login to display these options:
Step 3
8-1
Chapter 8 How to Change the Admin Portal Password
Option End Users
Description Activate, deactivate, and manage users. Provision new mobile phones and upgrade Cisco Unified Mobile Communicator on mobile phones. Delete Cisco Unified Mobile Communicator data from mobile phones.
Enterprise Configuration
Configure Cisco Unified Mobility Advantage to communicate with Active Directory, Microsoft Exchange, Cisco Unity, Cisco Unified Presence, and Cisco Unified Communications Manager servers. Configure voicemail, call control, and conference integration. View supported mobile phone platforms and versions of Cisco Unified Mobile Communicator installed on your system. Install an upgrade version of Cisco Unified Mobile Communicator. Download Cisco Unified Mobile Communicator to your desktop computer for provisioning purposes.
Handset Platform Management
Server Controls System Management
Start or stop Cisco Unified Mobility Advantage and specify server settings required for operation. View or edit system properties, set configuration information (for log files and calendar and SMTP Server connections), and view a summary of Cisco Unified Mobility Advantage server ports. Manage client-server security within the Cisco Unified Mobility Advantage deployment. Generate and view server statistics and summaries.
Security Context Management Reports
How to Change the Admin Portal Password

Changing the Password from the Admin Portal, page 8-2 Changing the Password Without the Current Admin Portal Password, page 8-3
Changing the Password from the Admin Portal

If you are able to log into the Admin Portal, you can change the password from the Admin Portal.
Procedure
Sign in to the Admin Portal. Select the [+] beside System Management. Select System Properties. Enter the new password in the Admin Password and Confirm Admin Password fields.
8-2
Chapter 8
Accessing Cisco Unified Mobility Advantage How to Change the Admin Portal Password
Step 5 Step 6
Select Submit. Restart Cisco Unified Mobility Advantage.
Changing the Password Without the Current Admin Portal Password

If you have forgotten the Admin Portal password but you know the platform administrator credentials, you can change the Admin Portal password from the command-line interface.
Procedure
Step 1 Step 2
Use SSH to access the Cisco Unified Mobility Advantage server using your platform administrator credentials. Enter the following command to reset the password:
set password cuma
Step 3
Enter the following command to restart Cisco Unified Mobility Advantage and activate the new password:
utils service restart CUMA Admin
8-3
Chapter 8 How to Change the Admin Portal Password
8-4
CH A P T E R
Managing Server Security in Cisco Unified Mobility Advantage

This chapter describes the concepts and processes for establishing server identity.

About Secure Connections and SSL Certificates, page 9-1 About Required and Recommended SSL Certificates Explanation of Security Contexts, page 9-4 Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5 Creating Security Contexts, page 9-7 Importing Self-Signed Certificates from Trusted Servers, page 9-10 Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11 How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12 Certificate Uploads and Downloads, page 9-15 Viewing Certificate Details, page 9-16 Deleting Security Contexts And Certificates, page 9-17
About Secure Connections and SSL Certificates

In order for a client to connect securely to a server, the client generally requires that the server verify its identity. A client can be a browser, a mobile device running Cisco Unified Mobile Communicator, or any server that initiates a connection with another server. Servers can have both client and server relationships with each other. A client connects securely to a server using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocol. Secure connections require digital certificates to verify the identity of the server. Several types of digital certificates can be used to establish trust between a client and a server:
Self-signed certificates are generated from the server; a copy of the certificate must reside on the client. When a client connects to a server, it compares the certificate that the server presents to the copy of the certificate in its own trust store.
9-1
Chapter 9 About Required and Recommended SSL Certificates
Certificates signed by a recognized Certificate Authority (CA) such as VeriSign enable clients to trust servers without having a to import a certificate from each server onto the client, as long as the client recognizes certificates that are signed by the particular Certificate Authority. Certificates can be signed by other authorities, such as an in-house corporate signing authority that guarantees servers within the corporate firewall.
You can also configure each server behind the your corporate firewall to trust the identity of other servers behind the same firewall without explicitly requiring certificates.
Signed Certificate Information

Signed certificates generally consist of up to three sub-certificates:

A root certificate which declares the identity of the signing Certificate Authority. An intermediate certificate, which is provided by many certificate authorities to accompany a signed certificate. The signed certificate which identifies the server being authenticated.
Certificates signed by a corporate signing authority may also include root and intermediate certificates.
About Required and Recommended SSL Certificates

Required and Recommended Signed Certificates, page 9-2 Required and Recommended Self-Signed Certificates, page 9-3
Required and Recommended Signed Certificates

Some clients (such as Cisco Unified Mobile Communicator or standard web browsers) require or request certificates that are signed by a recognized Certificate Authority in order to connect to a server. Necessity Required Description For the Cisco Adaptive Security Appliance. Cisco Unified Mobile Communicator clients require this certificate. For New installations Do This You must purchase this certificate after you configure the Cisco Adaptive Security Appliance, but before you can test Cisco Unified Mobility Advantage. It may take up to 24 hours to receive your certificate from the signing authority. See (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10. Upgrades from You may be able to reuse the signed certificate from the proxy server in Cisco Unified Mobility Advantage Release Release 3.x 3.1.2. Before you upgrade Cisco Unified Mobility Advantage from Release 3.x, review the restrictions and process overview in Saving the SSL Certificate from the Proxy Server, page 5-8, then perform the procedure if applicable.
9-2
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage About Required and Recommended SSL Certificates
Necessity Recommended
Description For the Cisco Unified Mobility Advantage server. This certificate prevents users from seeing an Untrusted certificate warning when they access the User Portal. Browsers generate this warning when they connect to a server that does not have a signed certificate.
For New installations
Do This You must install Cisco Unified Mobility Advantage before you can obtain a signed certificate for this purpose. You can use a self-signed certificate for initial configuration and testing, and then obtain and deploy a signed certificate later. See How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12.
Upgrades from If you had a signed certificate on the managed server in Cisco Unified Mobility Advantage Release 3.1.2, you may Release 3.x be able to reuse this certificate. See:
Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15 Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.
Related Topics

About Secure Connections and SSL Certificates, page 9-1 How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8
Required and Recommended Self-Signed Certificates

If your company has a corporate signing authority, you can use certificates signed by the corporate authority instead of self-signed certificates. Certificate A certificate (self-signed or signed) from Cisco Unified Mobility Advantage is required for the Cisco Adaptive Security Appliance to communicate with Cisco Unified Mobility Advantage. If you followed the instructions for the Configuration Wizard in Chapter 7, Using the Configuration Wizard in Cisco Unified Mobility Advantage, you must import a certificate from the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage. This configuration is recommended for all deployments. Cisco Unified Mobility Advantage does not require certificates from See Deploying Self-Signed other enterprise servers in order to run, but your corporate security Certificates for Internal requirements and settings on other servers may require you to deploy Servers: Example, page 9-5. certificates in both directions. More Information Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4
9-3
Chapter 9 Explanation of Security Contexts
Explanation of Security Contexts

Each client and server may have security policies that govern the type of identity verification required for connections with other clients and servers. In Cisco Unified Mobility Advantage, you specify security policies in one or more Security Contexts. You then associate one Security Context with each enterprise server that Cisco Unified Mobility Advantage connects to. In addition, each enterprise server may have security policies of its own that require Cisco Unified Mobility Advantage to verify its identity. Servers verify their identities using certificates. Security Contexts in Cisco Unified Mobility Advantage do the following:
Determine the level and type of identity verification that Cisco Unified Mobility Advantage requires from each server and client with which it connects. For example, servers behind your corporate firewall (most enterprise servers with which Cisco Unified Mobility Advantage communicates) may require less stringent identity verification because they are already in a presumably secure environment. Communications with a server in a DMZ (for example, the Cisco Adaptive Security Appliance) generally require stricter identity verification because a DMZ environment is less secure.
Store copies of trusted certificates. Depending on your security choices, certificates that other servers present must match their corresponding certificates stored in the Security Context that you assigned to that server. Store the certificate that Cisco Unified Mobility Advantage presents when identifying itself to other servers. Collect the information needed to create certificates, and use that information to generate certificates to provide to other servers for their store of trusted certificates, or to generate a Certificate Signing Request for a signed certificate.
In general, if you set the Connection Type for an enterprise server to TLS or SSL (secure), you must specify a Security Context for connections with that server. You specify the certificate requirements in the Security Context.
Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance

Use the following set of procedures to deploy self-signed certificates for communications between Cisco Unified Mobility Advantage and the Cisco Adaptive Security Appliance.
Before You Begin
Determine your certificate needs. See How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8.
9-4
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Deploying Self-Signed Certificates for Internal Servers: Example
Procedure
Do This
Step 1
Creating Security Contexts, page 9-7. In Cisco Unified Mobility Advantage, create a Security Context that specifies Trusted Certificates for the Trust Policy. If you followed the instructions for the Configuration Wizard in Chapter 7, Using the Configuration Wizard in Cisco Unified Mobility Advantage, you have already created the cuma Security Context.
Step 2
In System Management > Network Properties, specify the Security Context from Step 1 in this table. If you followed the instructions for the Configuration Wizard, you have already completed this step.
Step 3
Generate a self-signed certificate from Cisco Unified If you followed the instructions for the Mobility Advantage. Configuration Wizard:
Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25 Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.
Otherwise:
Step 4 Step 5
Import this certificate to the trust store of the Cisco Adaptive Security Appliance. Generate a self-signed certificate from the Cisco Adaptive Security Appliance. Import this certificate into the trust store of Cisco Unified Mobility Advantage.
Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12. Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14. Importing Self-Signed Certificates from Trusted Servers, page 9-10
Step 6 Step 7
In the Cisco Adaptive Security Appliance, complete Setting up the TLS Proxy, page 2-15 and the remaining configurations remaining procedures in that chapter.
Deploying Self-Signed Certificates for Internal Servers: Example

Secure connections between internal servers are not required by default for Cisco Unified Mobility Advantage to operate. However, your corporate security policies may require them. If you assign a Security Context that has the Trust Policy set to Trusted Certificates for an enterprise server, then you must deploy a certificate to verify the identity of that server. Generally, if your security policies are consistent, this will be a reciprocal requirement, so you will also need to provide a certificate from Cisco Unified Mobility Advantage to verify its identity to the other server.
9-5
Chapter 9 Deploying Self-Signed Certificates for Internal Servers: Example
You can use self-signed certificates or certificates signed by an in-house corporate signing authority to verify the identities of servers behind the corporate firewall. This configuration example describes one option to configure security for internal servers, using self-signed certificates. Use the same basic procedure for each enterprise server that supports secure connections.
Before You Begin

We recommend that you verify that all features that you deployed are functioning properly before you introduce security to the configuration. For the following servers, use different instructions instead of this topic:
For Cisco Adaptive Security Appliance, see Deploying Self-Signed Certificates:
Cisco Adaptive Security Appliance, page 9-4.

For Cisco Unified Communications Manager, see How to Configure Server Security for
Connections with Cisco Unified Communications Manager, page 3-13.

For Cisco Unified Presence, see How To Configure Server Security for Cisco Unified Presence,
page 4-3.
Procedure
Do This
Step 1
In Cisco Unified Mobility Advantage, create a Creating Security Contexts, page 9-7. Security Context that specifies Trusted Certificates for the Trust Policy. You can use this Security Context for all enterprise servers that have the same security requirements. If you followed the instructions for the Configuration Wizard you can use the cuma Security Context.
Step 2
In the Enterprise Adapter for the server, select TLS or SSL as the Transport Type, then specify the Security Context from Step 1 in this table.
Viewing and Changing Enterprise Adapter Settings, page 10-4 Appendix A, Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage
On the enterprise server, require secure communications.
See the documentation for the server.
Generate a self-signed certificate from Cisco Unified Downloading Self-Signed Certificates from Mobility Advantage. Cisco Unified Mobility Advantage, page 9-11. Import this certificate to the trust store of the enterprise server. Generate a certificate from the enterprise server. Import this certificate to the trust store of Cisco Unified Mobility Advantage. See the documentation for the server. See the documentation for the server. Importing Self-Signed Certificates from Trusted Servers, page 9-10
9-6
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Creating Security Contexts
Creating Security Contexts

Security Contexts manage security policies and server identity-verification certificates for connections between Cisco Unified Mobility Advantage and other enterprise servers. You can use them to generate and store digital certificates that verify server identity.
Create a security context for each different type of security you require in order to allow other servers to communicate with Cisco Unified Mobility Advantage. For example, if you require no imported certificates from internal servers and a self-signed certificate from the Cisco Adaptive Security Appliance in the DMZ, create two Security Contexts. If you followed the documentation for the Configuration Wizard, you created these two Security Contexts.
You can use a single security context to govern relationships with multiple servers, if the requirements are the same for all of those servers. You may need to create multiple security contexts in order to satisfy the security requirements of all enterprise servers. For example, some servers may require Cisco Unified Mobility Advantage to present a trusted certificate.
Before You Begin
Determine the two-letter ISO country code for the location of your Cisco Unified Mobility Advantage server. Visit http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_element s.htm.
Procedure
Sign in to the Cisco Unified Mobility Advantage Admin portal. Select the [+] beside Security Context Management. Select Security Contexts. Select Add Context. Enter information: Field Context Name Description Description Enter a name for the certificate. The name cannot contain spaces or special characters. Enter a description for the certificate.
9-7
Chapter 9 Creating Security Contexts
Field Trust Policy
Description This value determines the type of certificate Cisco Unified Mobility Advantage requires of an enterprise server with which it initiates communication, such as Cisco Adaptive Security Appliance and Cisco Unified Communications Manager. Options are:
Trusted Certificates The other server must present one of the following:
A self-signed certificate that you will have already
imported into Cisco Unified Mobility Advantage.

A certificate signed by a recognized Certificate Authority
that Cisco Unified Mobility Advantage supports.

A certificate signed by another authority, such as a
corporate signing authority. In this case, you must import the certificates of the signing authority into Cisco Unified Mobility Advantage.
All Certificates Choose this option if you do not want to verify certificates that each server presents. Cisco Unified Mobility Advantage trusts certificates from each server whose enterprise adapter is associated with this Security Context. You do not need to import certificates in this case.
Default All servers must present certificates that are signed by a recognized Certificate Authority.
Client Authentication Policy
This setting determines whether Cisco Unified Mobility Advantage requires a certificate from clients or other servers that initiate a connection to it. Typically, communications using the TLS protocol do not require a certificate in this situation. Cisco Unified Mobility Advantage uses the Client Authentication Policy when it is acting as a server (for example, in communications with the Cisco Adaptive Security Appliance.) Options are:

None Cisco Unified Mobility Advantage does not request a certificate from the client. Optional Cisco Unified Mobility Advantage requests but does not require a certificate from the client. Required Cisco Unified Mobility Advantage requires a certificate from the client.
The type of certificate required is specified in the Trust Policy field, described above.
9-8
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Creating Security Contexts
Field Certificate Password
Description Enter the password you want to assign to this certificate. The password must be at least six characters in length. If you are upgrading from Release 3.x and you upload a certificate from Cisco Unified Mobility Advantage Release 3.x, you must enter the same password, which you noted before you performed the upgrade. Note this password in a safe place. You may need it later.
Server Name Department Name
Enter the fully qualified hostname of this server. Enter the name of the department that will be using Cisco Unified Mobility Advantage, if restricted to one department. For the Security Context that you will associate with the Cisco Adaptive Security Appliance, this value must match the OU value you entered when you generated the Certificate Signing Request for the signed certificate from the Cisco Adaptive Security Appliance.
Company Name
Enter your company name. If you will use the information in this Security Context to obtain a signed certificate, use the name under which your company or organization is officially registered to conduct business. VeriSign validates this name against official business registration documents. If the company name includes symbols requiring the shift key, see instructions at your Certificate Authority website.
City State
Enter the city where the department or company is located. Enter the state or province where the city is located. Check with your supported Certificate Authority to determine exact requirements for this value. At publication, the requirements are:

For locations in the United States and Canada, spell out the full name. For example: California (not CA). For other installations, there are no restrictions on this value.
Country Code
Enter the two-letter code for the country where the company is located. You obtained this value while completing the prerequisites for this procedure.
Step 6
Select Submit.
What To Do Next
For each enterprise server that requires a TLS or SSL connection, specify an appropriate Security Context. A single Security Context can be associated with multiple servers if the security requirements are the same for all.
For the Cisco Adaptive Security Appliance: Assign a Security Context on the System
Management > Network Properties page.
9-9
Chapter 9 Importing Self-Signed Certificates from Trusted Servers
For other enterprise servers: Assign an appropriate Security Context on the Enterprise Adapter
page for each server. See Appendix A, Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage and Chapter 10, Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage.
If the Trust Policy is Trusted Certificates and you will use self-signed certificates to establish trust:
See Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
If the Trust Policy is Trusted Certificates and you will use a certificate signed by a nonrecognized authority such as an in-house corporate signing authority:
Follow the procedures at your company to obtain the required certificate chain. Import the certificates into Cisco Unified Mobility Advantage. See Importing Intermediate
Certificates, page 9-14 and Importing Certificates Signed by a Certificate Authority, page 9-15.
Import the root certificate into the trust store of the other server.
If the Trust Policy is Default or Trusted Certificates and you will use a certificate signed by a recognized certificate authority, follow the instructions in How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12.
Importing Self-Signed Certificates from Trusted Servers

Use this procedure:

To import a self-signed certificate from the Cisco Adaptive Security Appliance. To import self-signed certificates from other enterprise servers, if you specified for any Enterprise Adapter TLS connection, and the associated server will present a self-signed certificate.
You can import multiple certificates into a single Security Context.

Before You Begin
Generate a self-signed certificate from each enterprise server whose Enterprise Adapter in Cisco Unified Mobility Advantage has a Security Context that specifies Trusted Certificates for the Trust Policy.
For the Cisco Adaptive Security Appliance, see Generate a Certificate for Cisco Unified
Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14.
For Cisco Unified Communications Manager, see Obtaining a Certificate from Cisco Unified
Communications Manager, page 3-16. The certificate files will be named CallManager.pem and tomcat.pem.
For Cisco Unified Presence, see the documentation for that product.
There are three separate certificates: - sipproxy.pem - tomcat.pem (You can rename this file to a unique name to avoid confusion.) - PresenceEngine.pem
For Cisco Unity Connection, you need the tomcat.pem file. (You can rename this file to a unique
name to avoid confusion.)

For other servers, see the documentation for each server.
9-10
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage
Identify the name of the Security Context that is associated with the server whose certificate you want to import:
For the Cisco Adaptive Security Appliance: This is the Security Context specified on the
System Management > Network Properties page.

For other servers: This is the Security Context specified on the Enterprise Adapter page of the
server whose certificate you want to import.
Make sure the Security Context has the Trust Policy set to Trusted Certificates.
Procedure
Open the certificate in WordPad (not Notepad). Select the [+] beside Security Context Management in the Admin Portal. Select Security Contexts. Select Manage Context for the Security Context into which you want to import the certificate. If you used the Configuration Wizard, this is the cuma security context. Select Import on the Trusted Certificate(s) line. Enter the certificate name (no spaces). Copy and paste the text from the certificate into the Certificate field. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Select Import. Restart Cisco Unified Mobility Advantage.
Step 8 Step 9
Related Topics

Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage

If any server with which Cisco Unified Mobility Advantage communicates requires identity verification, you can create and deploy a self-signed certificate. The Cisco Adaptive Security Appliance requires identity verification. This procedure downloads a PEM- encoded certificate with a .cer filename extension.
Before You Begin
Make sure that a self-signed certificate meets your needs. See Required and Recommended Self-Signed Certificates, page 9-3.
9-11
Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server
Create at least one security context. Complete all fields in the form. Note that this procedure is different from the procedure for downloading a keystore file, as described in Certificate Uploads and Downloads, page 9-15 and Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14.
Procedure
Select the [+] beside Security Context Management. Select Security Contexts. Select Manage Context beside the security context that holds the certificate to download. Select Download Certificate. If the certificate is a chain (has associated root or intermediate certificates), only the first certificate in the chain is downloaded. This is sufficient for self-signed certificates.
Step 5
Save the file.
Related Topics

About Secure Connections and SSL Certificates, page 9-1 Creating Security Contexts, page 9-7 Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5 Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25
What To Do Next
Import this certificate to the server or servers that require it:

For the Cisco Adaptive Security Appliance: See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12. For Cisco Unity: See the documentation for the Internet Information Server (IIS) on the platform on which Cisco Unity is installed. For other Cisco products: See Importing Certificates into Cisco Unified Operating System Servers, page 3-16. For other servers: See the documentation for each server for instructions.
How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server

Obtaining and Deploying a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-13 Creating a Certificate To Be Signed by a Certificate Authority, page 9-13 Importing Intermediate Certificates, page 9-14 Importing Certificates Signed by a Certificate Authority, page 9-15
9-12
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server
Obtaining and Deploying a Signed Certificate for the Cisco Unified Mobility Advantage Server
There are two ways to obtain signed certificate, depending on your situation: To (If you upgraded from Release 3.1.2) Determine whether you can re-use an existing signed certificate Obtain a signed certificate for Cisco Unified Mobility Advantage Do This See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15. Follow these procedures in order, as applicable:
1. 2. 3.
Creating a Certificate To Be Signed by a Certificate Authority, page 9-13 Importing Intermediate Certificates, page 9-14 Importing Certificates Signed by a Certificate Authority, page 9-15
Related Topics
Required and Recommended Signed Certificates, page 9-2
Creating a Certificate To Be Signed by a Certificate Authority

You can obtain signed certificates for Cisco Unified Mobility Advantage from the following Certificate Authorities: VeriSign and GeoTrust. These certificates are supported because they are generally available on all mobile devices.
Before You Begin

Determine your certificate needs. See About Required and Recommended SSL Certificates, page 9-2. Visit the web site of your Certificate Authority (VeriSign or GeoTrust) to determine the process and requirements for purchasing a signed certificate. We recommend that you become generally familiar with the policies of the Certificate Authority. For example, check the requirements for extending the certificate so that you maintain the necessary records.
Procedure
Step 1
Create or navigate to a security context that is associated with a server which requires a signed certificate. If you followed the instructions for the Configuration Wizard, use the cuma Security Context. Select Manage Context. Select Retrieve CSR to generate a Certificate Signing Request. The CSR appears.
Step 2 Step 3
9-13
Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server
Step 4
Follow the instructions on the web site of the Certificate Authority to purchase the signed certificate. You will need the CSR you just retrieved. You will receive an email message with the signed certificate information. This process may take up to 24 hours. Note your certificate password in a safe place for future reference.
Step 5
What To Do Next
When you receive the signed certificate from the Certificate Authority, follow the instructions in Importing Intermediate Certificates, page 9-14.
Importing Intermediate Certificates

Before you import a signed certificate, you may need to import an intermediate certificate if the signing Certificate Authority tells you to do so.
Before You Begin

Determine whether your Certificate Authority requires an intermediate certificate. Follow the procedure in Creating a Certificate To Be Signed by a Certificate Authority, page 9-13. Receive the signed certificate by email from the Certificate Authority. This email message may also contain information about an intermediate certificate if one is required. Review any instructions from the Certificate Authority. Identify the name of the Security Context that is associated with the server that requires a signed certificate from Cisco Unified Mobility Advantage. For the Cisco Adaptive Security Appliance, this is the Security Context specified on the System Management > Network Properties page. You must import the certificate into this Security Context.
Procedure
Select the [+] beside Security Context Management. Select Security Contexts. Select Manage Context beside the Security Context into which you will import the signed certificate. If you followed the instructions for the Configuration Wizard, this will be the cuma Security Context. Select Import in the Trusted Certificates bar. Paste the intermediate certificate text. Name the certificate. Select Import.
What To Do Next
Import the signed certificate. See Importing Certificates Signed by a Certificate Authority, page 9-15.
9-14
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Certificate Uploads and Downloads
Importing Certificates Signed by a Certificate Authority

After you receive the signed certificate from the Certificate Authority, you must import it into Cisco Unified Mobility Advantage. You do not need to import it into any other server.
Before You Begin

Follow the procedure in Creating a Certificate To Be Signed by a Certificate Authority, page 9-13. Receive the signed certificate by email from the Certificate Authority. This email message may also contain information about an intermediate certificate if one is required. Review any instructions from the Certificate Authority. Identify the name of the Security Context that is associated with the server that requires a signed certificate from Cisco Unified Mobility Advantage. For the Cisco Adaptive Security Appliance, this is the Security Context specified on the System Management > Network Properties page. You must import the certificate into this Security Context. Import the intermediate certificate, if required. See Importing Intermediate Certificates, page 9-14
Procedure
Select the [+] beside Security Context Management. Select Security Contexts. Select Manage Context beside the Security Context into which you will import the certificate. If you followed the instructions for the Configuration Wizard this will be the cuma Security Context. Select Import CA Reply. Name the certificate. Paste the certificate text. Select Import. You do not need to import a signed certificate for Cisco Unified Mobility Advantage into any other server.
Certificate Uploads and Downloads

You can upload or download certificates, for example certificates that Cisco Unified Mobility Advantage uses to verify its identity to other servers. These features are particularly useful if you are upgrading from Cisco Unified Mobility Advantage Release 3.x and you want to reuse the signed certificate from the Proxy Server.
9-15
Chapter 9 Viewing Certificate Details
Operation Uploading certificates
Details If you have an existing signed certificate that is valid for this server, you can upload the existing certificate instead of creating a new certificate. Supported file formats are JKS and PKCS12. The security context into which you upload the certificate cannot have the Trust Policy set to All Certificates. Uploading is different from importing certificates from trusted servers.
Downloading certificates
This process downloads a keystore file in PKCS12 format. Do not use this process for generating self-signed certificates.
Related Topics

Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14 Importing Self-Signed Certificates from Trusted Servers, page 9-10 Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11
Viewing Certificate Details

You can view certificate information such as expiration date.
Procedures
To View Certificates Cisco Unified Mobility Advantage shows to other servers
Procedure
1. 2. 3. 4.
Navigate to the Security Context that holds the certificate. Select Manage Context. Look at the server certificate information in the Key Entry section. Select View Certificate Chain to view any intermediate and root certificates associated with this server certificate.
9-16
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Deleting Security Contexts And Certificates
To View Imported certificates from trusted servers
Procedure
1. 2. 3.
Navigate to the Security Context that holds the certificate. Select Manage Context. Select the [+] beside the certificate name under Trusted Certificates. Select the [+] beside Security Context Management. Select Certificate Utility. Browse to the certificate. Select the certificate type. Enter the certificate password. Select View.
Any certificate resident on the server
1. 2. 3. 4. 5. 6.
Deleting Security Contexts And Certificates

Procedures
To Delete A security context and any associated certificates. You cannot delete a security context that is specified in any Enterprise Adapter or the Network Properties page.
Do This
1.
Consider downloading and saving any signed certificates associated with this security context. Be sure to use the Download button, not the Download Certificate button. Select the [+] beside Security Context Management. Select Security Contexts. Select Delete beside the appropriate security context. Navigate to the Security Context that holds the certificate. Select Manage Context. Select Delete beside the certificate name under Trusted Certificates.
2. 3. 4.
An imported certificate for a trusted server
1. 2. 3.
Related Topics
Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14
9-17
Chapter 9 Deleting Security Contexts And Certificates
9-18
CH A P T E R
10
Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage

Configure Cisco Unified Mobility Advantage to connect to the other servers in your network. Enterprise Adapters manage the information needed to allow Cisco Unified Mobility Advantage to connect to other enterprise servers that provide features and functionality. You can configure this information in the Configuration Wizard, or in the Admin Portal using the instructions in this chapter.

Configuring Connections to Clients through the Cisco Adaptive Security Appliance, page 10-1 Adding a New Enterprise Adapter, page 10-3 Viewing and Changing Enterprise Adapter Settings, page 10-4 Deleting an Enterprise Adapter, page 10-5 Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5
Configuring Connections to Clients through the Cisco Adaptive Security Appliance

Enter the information required in order for the Cisco Adaptive Security Appliance and Cisco Unified Mobile Communicator clients to communicate with Cisco Unified Mobility Advantage, and to allow users to access the User Portal.
Before You Begin

You will need the Proxy Host Name that you obtained in Obtaining IP Addresses and DNS Names from IT, page 1-3. You will need the port numbers you noted in Opening Firewall Ports, page 1-5. Create a security context that establishes the type of identity verification that Cisco Unified Mobility Advantage will require from the Cisco Adaptive Security Appliance. See Creating Security Contexts, page 9-7. If your Cisco Adaptive Security Appliance is in the DMZ, we recommend the overall configuration described in Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4.
10-1
Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Configuring Connections to Clients through the Cisco Adaptive Security Appliance
Stop Cisco Unified Mobility Advantage if it is running. See Stopping Cisco Unified Mobility Advantage, page 11-1.
Procedure
Select the [+] beside System Management. Select Network Properties. Enter information: Setting Proxy Host Name Description Host name that clients will use to connect through the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage. The hostname must be routable from the Internet. The Proxy Host Name should resolve to the external IP address that you received from your IT administrator. Proxy Client Connection Port Proxy Client Download Port The port that is used for secure communications between the Cisco Unified Mobile Communicator client and the Cisco Adaptive Security Appliance. The port through which clients connect to the Cisco Adaptive Security Appliance for wireless downloads of Cisco Unified Mobile Communicator. This field is not used for BlackBerry clients. However, you must enter a value even if you will deploy only to BlackBerry devices. Managed Server Information Client Connection Port The port that Cisco Adaptive Security Appliance uses to connect to Cisco Unified Mobility Advantage. The Cisco Adaptive Security Appliance translates this port to the Proxy Client Connection Port for Cisco Unified Mobile Communicator client connections to the Cisco Adaptive Security Appliance. User Portal Port The port users will use to access the Cisco Unified Mobile Communicator User Portal. The range is 9400-9500. The default is 9443. For security, this port should be available only behind your corporate firewall. Your Value
Proxy Server Information
10-2
Chapter 10
Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Adding a New Enterprise Adapter
Setting Client Download Port
Description The port on which users will download the client software. This port is translated to the Proxy Client Download Port for client connections to the Cisco Adaptive Security Appliance. This field is not used for BlackBerry clients. However, you must enter a value even if you will deploy only to BlackBerry devices.
Your Value
Security Context
Select the Security Context that governs connections with the Cisco Adaptive Security Appliance.
Step 4 Step 5
Select Submit. Start Cisco Unified Mobility Advantage (in Server Controls > Cisco > Control Server) when you are done making configuration changes.
Adding a New Enterprise Adapter

Add an enterprise adapter for each enterprise server in your deployment except Cisco Adaptive Security Appliance. You can have multiple adapters for each for the following server types:

Active Directory Exchange Cisco Unity
For details, see the settings information for each adapter.

Before You Begin
Prepare the information you will need in order to configure the adapter or adapters you need. See

About Active Directory Enterprise Adapter Settings, page A-1 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 About Cisco Unified Presence Enterprise Adapter Settings, page A-10 About Microsoft Exchange Enterprise Adapter Settings, page A-11 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Procedure
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Select Add new adapter. Enter or select the requested information. Select Submit.
10-3
Chapter 10 Viewing and Changing Enterprise Adapter Settings
Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage
Select the server you have added. Enter a name and description. Select Submit. Do the following for each tab:
a. b.
Enter configuration information using the information you gathered while completing the prerequisites for this procedure. For Release 7.0(2): Select Test Config to make sure the connection settings you entered are valid. Look for the test result at the top of the page, just below the tabs. Correct any errors indicated. Select Submit.
c. Step 10
Restart Cisco Unified Mobility Advantage when you are done making configuration changes.
Viewing and Changing Enterprise Adapter Settings

Before You Begin
Prepare the information you will need in order to configure the adapter or adapters you need. See
Stop Cisco Unified Mobility Advantage before you make changes. See Stopping Cisco Unified Mobility Advantage, page 11-1.
Procedure
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Locate the adapter you want to view or change, and then select Edit. Select the appropriate tab. Change settings as desired. For Release 7.0(2): Check your configuration:
a. b. c.
Select Test Config for each tab to make sure the connection settings you entered are valid. Look for the test result at the top of the page, just below the tabs. Correct any errors indicated.
Step 7
Select Submit for each tab to save changes.
10-4
Chapter 10
Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Deleting an Enterprise Adapter
To discard changes, select Reset.

Step 8
Start Cisco Unified Mobility Advantage.
Deleting an Enterprise Adapter

Procedure
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Locate the adapter to be deleted, and select Delete next to it. You may see a notice that you need to stop Cisco Unified Mobility Advantage before you can delete the adapter.
Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage

Directory Lookup settings are used to identify employees who call and are called by mobility users. Unidentified callers are listed in Cisco Unified Mobile Communicator by phone number only.
Restrictions
Follow this procedure if you are using Cisco Unified Communications Manager Release 4.x. If you have a different release of Cisco Unified Communications Manager, see Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8 instead.
Before You Begin
Plan your required directory lookup rules. See:

Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8
Procedure
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Select Edit beside your Cisco Unified Communications Manager adapter. Select Directory Lookup Settings. Select Add New Rule. Enter specifics for the rule. Select Submit.
10-5
Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage
Step 8 Step 9
Repeat Step 5 through Step 7 to add rules to account for all possible successful calls for all users in your system. Select the up or down arrow beside each rule in the list to order the rules so that no rule is inadvertently applied when a different rule should be applied first. For example, if the number of digits in the number is the same, a rule for a number beginning with 823 must be above a rule for a number beginning with 82, otherwise numbers beginning with 823 would all be processed by the rule for numbers beginning with 82.
Step 10
Related Topics
Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8
10-6
CH A P T E R
11
Managing and Maintaining the Cisco Unified Mobility Advantage Server

Use these procedures to stop and start the server, to back up and maintain the server.

Starting Cisco Unified Mobility Advantage, page 11-1 Stopping Cisco Unified Mobility Advantage, page 11-1 Viewing Version and Configuration Information, page 11-2 Accessing the Cisco Unified Operating System Administration Portal, page 11-2 Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3
Starting Cisco Unified Mobility Advantage

Procedure
Sign in to the Cisco Unified Mobility Advantage Admin Portal. Select the [+] beside Server Controls. Select Cisco. Select Control Server. Select Start next to Change Status. Cisco Unified Mobility Advantage has started when Server Status changes to Running.
Stopping Cisco Unified Mobility Advantage

In general, when you make system-level changes to Cisco Unified Mobility Advantage or associated enterprise servers, you must stop and then start Cisco Unified Mobility Advantage before the changes take effect.
11-1
Chapter 11 Viewing Version and Configuration Information
Before You Begin
Consider warning users that you will restart the system, that they will lose access, and that they must sign in again to Cisco Unified Mobile Communicator after you restart.
Procedure
Sign in to the Admin Portal. Select the [+] beside Server Controls. Select Cisco. Select Control Server. Select Stop next to Change Status. Cisco Unified Mobility Advantage is stopped when Server Status changes to Not Running.
Viewing Version and Configuration Information

You can review your Cisco Unified Mobility Advantage version and configuration information. You will need this information if you contact Cisco support.
Procedure
To View The installed version of Cisco Unified Mobility Advantage A summary of the ports and other configuration information for Cisco Unified Mobility Advantage The installed version of Cisco Unified Mobile Communicator on a client
Do This Select the [+] beside System Management, then select System Properties. Select the [+] beside System Management, then select Configuration Summary. In the Admin Portal:
1. 2. 3.
Select the [+] beside End Users, then select Search/Maintenance. Select Edit for the user. Select Phone Maintenance. Select Menu > Help > About.
On the client:
Accessing the Cisco Unified Operating System Administration Portal

Use this portal to access your operating system configuration. For more information, see the online Help in this portal.
11-2
Chapter 11
Managing and Maintaining the Cisco Unified Mobility Advantage Server Backing Up Your Cisco Unified Mobility Advantage Server
Before You Begin
You will need the platform administrator sign-in credentials you entered during installation. These are distinct from the Admin Portal sign-in credentials.
Procedure
Go to the Admin Portal URL, or sign out of the Admin Portal if you are signed in. Select Cisco Unified OS Administration from the list box at the top right of the page. Select Go. Sign in.
Backing Up Your Cisco Unified Mobility Advantage Server

The Disaster Recovery System assists you in preparing for and recovering from disasters that might affect your Cisco Unified Mobility Advantage server. We recommend that you back up your server using this procedure.
Before You Begin

The backup destination volume must be on the network and accessible through SFTP. The account that is used to access the SFTP server on which the backup is stored must have write permission for the selected path on that volume. Keep in mind that you will need to restore the backup to a server that has the identical version of the operating system and Cisco Unified Mobility Advantage installed.
Procedure
Go to the Admin Portal URL: Select Disaster Recovery System from the list box at the top right of the page. Select Go. Sign in with the platform credentials you entered while installing Cisco Unified Mobility Advantage. Select Backup > Backup Device. Select Add New. Enter information about your backup server: Option Backup Device Name Value Enter a name that contains only alpha numeric characters, spaces ( ), dashes (-) and underscores (_). No other characters are allowed. You will use this value to specify this server in subsequent steps. Select Destination Network Directory
11-3
Chapter 11 Backing Up Your Cisco Unified Mobility Advantage Server
Option Server Name Path name
Value IP address or hostname of the backup server Location on the backup server of the directory where you want to store the .tar file that holds your backup. Use a unique directory for each server to back up. Credentials to access the server. Specify a value high enough to ensure that the backups you want to keep are not overwritten.
User name Password Number of Backups to store
Step 8 Step 9
Select Save. Back up: To Back Up Manually Automate on a schedule Do this Select Backup > Manual Backup. Select Backup > Scheduler.
Step 10
Follow guidance on the page. This procedure creates a .tar file.
Related Topics
How To Recover From Server Failure, page 19-20
11-4
CH A P T E R
12
Enabling Features and Options in Cisco Unified Mobility Advantage

Enable features and their options in Cisco Unified Mobility Advantage. Be sure to perform the prerequisites noted at the beginning of each procedure.

Enabling Device ID Checking, page 12-1 Enabling Call Log Monitoring and Configuring Options, page 12-2 Enabling the Dial-Via-Office Feature and Options, page 12-3 Enabling and Configuring Voicemail, page 12-4 Enabling Conference Notifications, page 12-5 Enabling Exchange of Presence, page 12-5 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6 Modifying the Maximum Search Results, page 12-7
Enabling Device ID Checking

Restrictions
This feature is not available for Release 3.x clients. You must configure each user on a Release 3.x client as follows: In End users > Search/Maintenance, set Allow any Device on the Device Identity Maintenance page for the user to True. Some mobile phone service providers cannot support this feature. For details, see the Restrictions and Limitations section of the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.
Procedure
Select the [+] beside System Management. Select System Properties. Set Enforce Device ID Check to True. Select Submit.
12-1
Chapter 12 Enabling Call Log Monitoring and Configuring Options
Step 5
What To Do Next
Configure the account of each user, regardless of device. See Restricting Access By Device, page 14-2.
Enabling Call Log Monitoring and Configuring Options

Cisco Unified Mobility Advantage integrates with Cisco Unified Communications Manager to provide office phone call log viewing capabilities on Cisco Unified Mobile Communicator.
Before You Begin
Configure requirements for supporting this feature. See How to Configure Call Log Monitoring, page 3-1.
Procedure
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Call Control Service. Enter information: Setting Enable Corporate PBX Integration Description Select Yes to allow Cisco Unified Mobile Communicator users to view lists of calls they make and receive on all of their office phones. Select No to allow Cisco Unified Mobile Communicator users to view only the calls they make and receive on Cisco Unified Mobile Communicator. If you set this to No, you will also disable the Dial-via-Office feature. Maximum Expiry of Call Enter the maximum number of days that users can keep call log data on their mobile phones before automatic cleanup. Logs (days)
Step 5 Step 6
Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Related Topics
How to Solve Call Log Problems, page 19-8
12-2
Chapter 12
Enabling Features and Options in Cisco Unified Mobility Advantage Enabling the Dial-Via-Office Feature and Options
Enabling the Dial-Via-Office Feature and Options

This feature allows users to make calls from their mobile phones as if they were dialing from their desk phones.
Restrictions
This feature is supported only with certain versions of Cisco Unified Communications Manager. Check the Compatibility Matrix for supported versions: http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html. This feature is not supported for Cisco Unified Mobility Advantage Release 3.x clients.
Before You Begin
Configure requirements for supporting this feature. See How to Configure Dial Via Office, page 3-9.
Procedure
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Call Control Service. Set options: Setting Enable Corporate PBX Integration Description Select Yes to provide the Dial-via-Office feature for Cisco Unified Mobile Communicator. If you set this to No, you will also disable office phone call log viewing capabilities. Enable Dial via Office Dial Via Office Policy Select Yes or No. Select an option:
Force Dial Via Office to require all users to make all mobile phone calls via their office numbers. If calls cannot be dialed via office for any reason, they can be dialed directly from the mobile device.
User Option to allow users to choose which calls they dial direct and which they dial via office.
Dial via Office Emergency Numbers
Specify numbers that will always be dialed direct from the mobile phone and never via the corporate PBX system. Separate the list with a comma between each number. Enter the numbers as they would be dialed directly from the mobile phone, for example 112,911,999. These should include emergency numbers and can include numbers such as directory information. Include emergency numbers from all countries to which your users will travel.
12-3
Chapter 12 Enabling and Configuring Voicemail
Step 5 Step 6
Related Topics
How to Solve Problems With the Dial Via Office Feature, page 19-10
Enabling and Configuring Voicemail

Cisco Unified Mobility Advantage integrates with your corporate voicemail system, and provides voicemail viewing and downloading capabilities on Cisco Unified Mobile Communicator.
Before You Begin

Deploy your voicemail server and verify that it works independently of Cisco Unified Mobility Advantage. If applicable, configure Cisco Unity to allow Cisco Unified Mobility Advantage to provide secure voice messages to clients. See How to Install and Configure Voicemail Web Services at http://www.cisco.com/en/US/docs/voice_ip_comm/cupa/visual_voicemail/7.0/english/install/guide /install.html#wp1095897. Voicemail Web Services is a separate installer and was introduced in Cisco Unity Release 7.0(2) ES21. Configure an enterprise adapter for your voicemail server. See About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14 Make sure the DTMF code for accessing voicemail is unique in Cisco Unified Communications Manager. See Important Information About DTMF Access Codes, page 3-12.
Procedure
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Voicemail Service. Enter information: Setting Enable Corporate Voicemail Integration Description Select whether or not Cisco Unified Mobility Advantage connects to your corporate voicemail system and provides voicemail viewing and downloading capabilities on Cisco Unified Mobile Communicator.
Maximum Expiry of Voicemails Enter the maximum number of days that voice messages will be (days) listed in Cisco Unified Mobile Communicator.
Step 5 Step 6
12-4
Chapter 12
Enabling Features and Options in Cisco Unified Mobility Advantage Enabling Conference Notifications
Related Topics
How to Solve Voicemail Problems, page 19-12
Enabling Conference Notifications

Cisco Unified Mobility Advantage integrates with your Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express conferencing system, and provides conference notifications and viewing capabilities on Cisco Unified Mobile Communicator. Cisco Unified Mobility Advantage takes conference information from user calendars in Microsoft Exchange. You do not need to configure anything additional in your conferencing application or create an adapter for the conferencing server.
Procedure
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Conference Service. Select whether or not Cisco Unified Mobility Advantage provides conference notifications and viewing capabilities on Cisco Unified Mobile Communicator. Do not change the other options unless users are experiencing problems with conferencing notifications. Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Step 5 Step 6
Related Topics

Conference Alerts Not Arriving Correctly, page 19-16 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6
Enabling Exchange of Presence

Users can view the availability status of other users to help them determine when and how to effectively reach each other. They can set their own status to manage interruptions.
Restrictions
This feature requires a Cisco Unified Presence server.

Before You Begin
Make sure that you have completed the following:

Chapter 4, Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring an enterprise adapter for Cisco Unified Presence. See About Cisco Unified Presence Enterprise Adapter Settings, page A-10. Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24
12-5
Chapter 12 Obtaining Calendar Information for Meeting Notifications and Presence Integration
Procedure
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Presence Service. Set Enable Presence Service to Yes. Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Related Topics

How to Solve Problems with Availability Status (Presence), page 19-14 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6
Obtaining Calendar Information for Meeting Notifications and Presence Integration

You can configure Cisco Unified Mobility Advantage to get calendar appointments in order to update the availability status of users and to provide conference notifications for activated users from the Exchange Server.
Note
Cisco recommends that you do not change the settings below unless users are experiencing problems that can be clearly tied to these settings.
Before You Begin
Make sure that you have enabled Outlook integration in Cisco Unified Presence. See the documentation for Cisco Unified Presence, for example the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange at http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/ExchInt.html.
Procedure
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Conference Service. Enter information: Item Polling Period (sec) Description Polling period for the calendar in seconds. Default 600
12-6
Chapter 12
Enabling Features and Options in Cisco Unified Mobility Advantage Modifying the Maximum Search Results
Item Max Threads Polling Offset (min)
Description Maximum number of concurrent threads used to fetch appointments. Amount of scan ahead time used by the server to scan conference appointments ahead of time.
Default 25 10
Step 5 Step 6
Modifying the Maximum Search Results

You can change the default maximum number of contacts to display on the client when a user searches the directory.
Procedure
Select the [+] beside System Management. Select System Properties. Enter the number of results to display in Max Search Results. Stop and then start Cisco Unified Mobility Advantage.
12-7
Chapter 12 Modifying the Maximum Search Results
12-8
CH A P T E R
13
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage
Use the information in this chapter to make client software available for use and upgrade, and to set provisioning and connection options.

How to Make Client Software Available for Use, page 13-1 How To Manage Client Software, page 13-3 How To Control User Access, page 13-5
How to Make Client Software Available for Use

Obtaining Client Software and Upgrades, page 13-1 Uploading a Cisco Unified Mobile Communicator Release, page 13-2 Determining Supported Devices and Service Providers, page 13-2
Obtaining Client Software and Upgrades

Cisco Unified Mobile Communicator client software for all platforms, devices, service providers, and languages supported in each release is distributed as a single file with a .oar filename extension. Each .oar file includes:

Cisco Unified Mobile Communicator software files Information about supported service providers Information about supported mobile phone models and operating system versions
You can obtain the .oar file on disk or download it from Cisco.com using the procedure below.
Procedure
Step 1
Visit:
13-1
Chapter 13 How to Make Client Software Available for Use
http://tools.cisco.com/support/downloads/go/Model.x?mdfid=281001428&mdfLevel=Software%20Fa mily&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20 Mobile%20Communicator&treeMdfId=278875240

Step 2
Download the relevant client release to a volume that is accessible from your Cisco Unified Mobility Advantage server.
What To Do Next
Upload this .oar file into Cisco Unified Mobility Advantage to enable users to install individual clients. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2.
Uploading a Cisco Unified Mobile Communicator Release

When you obtain a new release of Cisco Unified Mobile Communicator, upload the .oar file to Cisco Unified Mobility Advantage to make individual client software versions available for installation.
Before You Begin
Obtain the client software. See Obtaining Client Software and Upgrades, page 13-1.
Procedure
Select the [+] beside Handset Platform Management. Select Upload New Version. Select Browse and locate the Cisco Unified Mobile Communicator release. This file has a .oar filename extension. Select Submit. When the upload is complete, you will see a summary of the supported clients Select Here to exit the summary.
Step 4
Step 5
Determining Supported Devices and Service Providers

Choose supported devices for Release 7.x and Release 3.x clients. Devices that Cisco Unified Mobility Advantage supports for Release 3.x clients vary by country and service provider. Use this procedure to view and select from available device options. You can restrict the countries, service providers, and devices that you will support. More supported variations adds flexibility for your users, while fewer supported variations simplifies control and management of your client base.
Before You Begin
Perform the operation in Uploading a Cisco Unified Mobile Communicator Release, page 13-2.
13-2
Chapter 13
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Manage Client Software
Procedure
Select the [+] beside Handset Platform Management. Select Provisioning Management. Select Provisioning Configuration. Select a country to view supported service providers there. For Release 7.0(2): Choose Other if you do not see your country. Select a service provider to view the devices that that provider supports. For Release 7.0(2): Choose Other if you do not see your provider. Nokia Symbian clients include Release 7.0 (for English) and Release 3.x (for other languages.) BlackBerry devices that run Release 3.x client software languages other than English are followed by a code that indicates the language:

Step 5
de = German en = English es = Spanish fr = French it = Italian
Step 6
Select each country, service provider, and device to support. Selecting an entity selects each item in the list under that entity, whether or not you see the list. Deselect items as needed, or start by selecting each device to support.
Step 7
Select Submit.
What To Do Next

Installing the Client on Nokia Symbian Phones from Your Computer, page 17-3 Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 16, Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Make the Client Application Available to Users, page 16-3.
How To Manage Client Software

Viewing Your Uploaded Cisco Unified Mobile Communicator Versions, page 13-3 Managing Support for Obsolete Devices, page 13-4
Viewing Your Uploaded Cisco Unified Mobile Communicator Versions

See which Cisco Unified Mobile Communicator versions you have uploaded to the Cisco Unified Mobility Advantage server. If you support multiple locations, service providers, device models, or languages, you may have more than one installer for each platform.
13-3
Chapter 13 How To Manage Client Software
Procedure
Select the [+] beside Handset Platform Management. Select Version Management. View information: Field Installer Description Installer for the specified country, service provider, device model, and language, if any are specified. For BlackBerry, each language requires a different installer. For Nokia Symbian, there are separate choices for Release 7.0 and for Release 3.x. The installation method and the installation instructions displayed during provisioning may differ between different installers for the same generic platform. Platform Version Operating system of the mobile device Installed version of Cisco Unified Mobile Communicator for the selected platform.
Related Topics
Uploading a Cisco Unified Mobile Communicator Release, page 13-2
Managing Support for Obsolete Devices

In the future, current phone models may become obsolete. If a phone model is no longer included in a newly-uploaded .oar file, it appears in a list of unsupported devices. Use this procedure to identify users of unsupported devices and to disable the client application on their obsolete devices, in preparation for moving them to supported devices. After you delete a device using this procedure, the user can no longer use Cisco Unified Mobile Communicator and the phone no longer appears in the Admin Portal or the User Portal.
Before You Begin
Notify affected users that Cisco Unified Mobility Advantage no longer supports their devices, that you will disable Cisco Unified Mobile Communicator on those devices, and that the users will no longer be able to use Cisco Unified Mobile Communicator or access any personal contact information or information in text messages.
Procedure
Select the [+] beside Handset Platform Management. Select Provisioning Management. Select Unsupported Phone Maintenance. Select a phone model in the list, or enter a phone model and select Search.
13-4
Chapter 13
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Control User Access
Step 5
Delete all unsupported devices, or select individual users and delete their devices.
How To Control User Access

Changing the PIN Expiry Period (For Client Downloads), page 13-5 Changing Required Frequency for Signing In, page 13-5
Changing the PIN Expiry Period (For Client Downloads)

Determine the number of days after the phone is added to Cisco Unified Mobility Advantage that users can wirelessly download and install the client on the phone (Windows Mobile and Nokia Symbian phones only). This expiration period does not affect manual provisioning; users can download and install from their computers at any time.
Procedure
Select the [+] beside System Management. Select System Properties. Enter a number for Max PIN Expiry (days). Restart Cisco Unified Mobility Advantage.
Changing Required Frequency for Signing In

You can specify how often users must sign in to Mobile Communicator. For example, you might want them to sign in more frequently for greater security, or less frequently for ease of use.
Procedure
Select the [+] beside System Management. Select System Properties. Enter a number of days for the Session Timeout. Restart Cisco Unified Mobility Advantage.
13-5
Chapter 13 How To Control User Access
13-6
CH A P T E R
14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage
Use the information in this chapter to perform operations for each user and for devices associated with each user.

How To Add Users and Prepare to Add Their Devices, page 14-1 How To View or Change User and Device Configuration, page 14-4
How To Add Users and Prepare to Add Their Devices

Perform the following tasks to enable each user and prepare user accounts for the addition of devices.

Activating Users, page 14-1 Restricting Access By Device, page 14-2 Information to Give to Users, page 14-3
Activating Users
You must activate users in Cisco Unified Mobility Advantage before they can install the client.
Before You Begin

Make sure each user is in an Active Directory server for which you have configured an adapter. Each user must have an activated email account on the network. Make sure that your Cisco Unified Mobility Advantage system is fully configured, enterprise servers are configured and operational, and desired features supported by your system are enabled and configured. (BlackBerry only) Configure the BlackBerry Enterprise Server for use with Cisco Unified Mobility Advantage. See How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage, page 16-1.
14-1
Chapter 14 How To Add Users and Prepare to Add Their Devices
Procedure
Sign in to the Admin Portal. Select the [+] beside End Users. Select User Activation/Deactivation. Inactive users appear in the Search Results list. Activated users appear in the Member List. Select a directory to search using the Find Users In drop-down menu. Enter a name or partial name in the Search For field, or leave the field blank to produce every name in the selected directory. Select Search. Found names appear in the Search Results window.
Note
Search looks for unactivated users only. A maximum of 1,000 inactive users can be listed. If you do not see the user you want to activate in the list, refine your search. To search for activated users, you must manually scroll through the list. The list of active users is not limited to 1,000. Select a name or names to activate in the Search Results list. Control-click to select multiple names. Select Add. The user or users are placed in the active Member List. Select Submit.
Step 7
Step 8
Step 9
What To Do Next
Set options to restrict access by device. See Restricting Access By Device, page 14-2. (Cisco Unified Mobility Advantage Release 7.0 only) By default, new users of Release 3.x clients will not be able to connect.
Restricting Access By Device

For each user, you choose whether any devices associated with that user can connect to Cisco Unified Mobility Advantage, or whether only a specific phone can connect, based on the International Mobile Equipment Identity/Electronic Serial Number (IMEI/ESN Number) of the phone. Mobile phones are uniquely identified by their IMEI/ESN number.
Restrictions

Do not enable this feature for users of Release 3.x clients. Some mobile phone service providers cannot support this feature. For details, see the Restrictions and Limitations section of the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.
Before You Begin
Activate each user. See Activating Users, page 14-1.
14-2
Chapter 14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To Add Users and Prepare to Add Their Devices
Enable this feature for the system. See Enabling Device ID Checking, page 12-1.
Procedure
Select the [+] beside End Users. Select Search Maintenance. Search for a user Select Edit for the user. Select Device Identity Maintenance. Set these settings: Option Allow Any Device Description Select True:

To allow any device to connect with the credentials of this user. If the service provider does not support this feature, as described in the Restrictions section of this topic. If the user will use Release 3.x of the client application.
Select False to allow only the phone having the IMEI/ESN Number you specify to connect. IMEI/ESN Number If you chose False above, enter the IMEI/ESN Number of the mobile phone, or the user will not be able to connect.
Step 7
Select Submit.
What To Do Next
Add a phone for each user. See the following:

Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 17, Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Provisioning and Installing on BlackBerry Devices, page 16-9
Information to Give to Users

Give users the tools and information they need in order to use Cisco Unified Mobile Communicator.

Their user IDs and passwords to sign in to the User Portal and Cisco Unified Mobile Communicator. The URL of the User Portal The User Portal URL follows this example: https://192.0.2.100:9443/jsp/index.jsp, where 192.0.2.100 is the IP address of your Cisco Unified Mobility Advantage server and 9443 is the value you entered for User Portal Port in the Network Properties page.
14-3
Chapter 14 How To View or Change User and Device Configuration
User documentation or a link to it. See: http://www.cisco.com/en/US/products/ps7271/products_user_guide_list.html. Each device type has a slightly different set of user documentation. Instructions about which installation procedures in the documentation they need to follow in order to complete Cisco Unified Mobile Communicator setup, particularly if you have performed some of the procedures yourself. The format users should use to enter their phone numbers when adding and provisioning their phones. For example, with or without a country code, parentheses, hyphens, or spaces, depending on how phone numbers are configured in Cisco Unified Communications Manager. (For users of BlackBerry devices) The Admin email address that you entered while configuring the connection to the SMTP server, plus the instructions for configuring Microsoft Outlook so that it does not route provisioning and alert messages to the Junk Mail folder. (For upgrades from Release 3.x only) Notify existing users that:
If voicemail credentials differ from Cisco Unified Mobile Communicator credentials, users
must enter their voicemail usernames and passwords in the User Portal before they can access voicemail from their mobile devices. Users can always access their voicemail from other standard methods, such as from their desk phones.
BlackBerry users should upgrade their client software. Users of Nokia Symbian phones who use the French, German, Spanish, or Italian client do not
need to upgrade from Release 3.x.

Users of Nokia Symbian phones who use the English client should upgrade to client Release 7.0
in order to use the new features. However, they cannot use the standard upgrade procedure. Instead, they must delete their existing phones from the User Portal, then add their phones again as new phones. When they sign in to the new client, their data will be restored on the new client. For best results, they should connect to the server immediately before they delete their phones in order to ensure that no data that was added to their client since the last connection is lost.
Related Topics
Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8
How To View or Change User and Device Configuration

After you have added users and their devices have been added and provisioned, you can perform any of the following operations:

Viewing User Information, page 14-5 Changing the Active Directory Organizational Unit for Users, page 14-5 Viewing Phone and Connection Information Per User, page 14-6 Changing or Deleting a Mobile Device, Number, or Service Provider, page 14-7 Desk Phone Number Changes, page 14-8 Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8 Forcing a User to Sign Out of Mobile Communicator, page 14-8 Deactivating a User, page 14-9
14-4
Chapter 14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To View or Change User and Device Configuration
Viewing User Information

Procedure
Select the [+] beside End Users. Select Search/Maintenance. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit. View information:

User address Status in the system (Active or Inactive) User OU (Organization Unit in Active Directory) User Contact Server (Exchange server) Information about active mobile phones.
Related Topics

Viewing Phone and Connection Information Per User, page 14-6 Changing the Active Directory Organizational Unit for Users, page 14-5
Changing the Active Directory Organizational Unit for Users

If a user is reassigned to a different Organizational Unit in Active Directory, you must update the Organizational Unit for that user in Cisco Unified Mobility Advantage.
Procedure
Select the [+] beside End Users. Select Search/Maintenance. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Change Organizational Unit. Select Change. Enter information. Select Change.
14-5
Viewing Phone and Connection Information Per User

This is the same information that users see in the User Portal. Users use this information to provision their clients and connect to the server.
Procedure
Step 1 Step 2
Select the [+] beside End Users. Select Search/Maintenance. The Search/Maintenance page displays activated users. Locate the user and choose Edit. View the keep-alive interval for each phone in the list. Cisco Unified Mobile Communicator automatically adjusts the timeout interval to prevent unintended disconnects.
Step 3 Step 4
Step 5 Step 6
Select Info for the phone you want to view. View information: Download Information User ID PIN (Windows Mobile and Nokia Symbian only) URL (Windows Mobile and Nokia Symbian only) Download Description The User ID that the user will use to sign in to Cisco Unified Mobile Communicator. The PIN number the user will use to wirelessly download Cisco Unified Mobile Communicator. This PIN is automatically generated and expires after the number of days you specify in System Management > System Properties. The URL the user will enter into the phone browser to wirelessly download Cisco Unified Mobile Communicator. Select this button to download the client application to a computer for transfer to the mobile device using an application such as ActiveSync (for Windows Mobile) or Nokia PC Suite (for Nokia Symbian phones.) The world-routable host name the user will enter into Cisco Unified Mobile Communicator to connect to Cisco Unified Mobility Advantage. This is the same as the Proxy Host Name in System Management > Network Properties. Server Port The externally-accessible port that the user will enter into the phone for Cisco Unified Mobile Communicator to connect to Cisco Unified Mobility Advantage.
Connection Information Server Address
14-6
Chapter 14
Download Information Recommended Access Point(s)
Description Some service providers, particularly in the United States, require or recommend that users access the internet through a portal that the service provider provides. This information is provided in the .oar file.
Phone Information Country Service Provider Phone Make/Model Phone Number Client Software Version Country of the phone service provider Service provider for the phone Phone make and model Phone number Cisco Unified Mobile Communicator version installed on the phone
Related Topics
Changing the PIN Expiry Period (For Client Downloads), page 13-5
Changing or Deleting a Mobile Device, Number, or Service Provider

In Cisco Unified Mobility Advantage Release 7.x, it is not possible to change device information. You must delete the existing device and add a new device.
Before You Begin
Make sure the user has salvaged information from Cisco Unified Mobile Communicator, such as manually-added contacts or copies of text messages.
Procedure
Do This
Step 1
See Instructions:
(If the phone number has changed) Configure Configuring Cisco Unified Mobile Cisco Unified Communications Manager with the Communicator Devices in Cisco Unified new number. Communications Manager, page 3-21 Delete the existing mobile device. This also removes all data from the device and deactivates Cisco Unified Mobile Communicator. This procedure deletes the phone from Cisco Unified Mobility Advantage. Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8
Step 2
Step 3
Add and provision a new phone for the user.
Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage, page 15-1 Provisioning and Installing on BlackBerry Devices, page 16-9 Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2
14-7
Related Topics
Deactivating a User, page 14-9
Desk Phone Number Changes

If the primary line (generally the desk phone number) of a user changes in Cisco Unified Communications Manager, the user must reset the mobile device by logging out and then logging back in to Cisco Unified Mobile Communicator.

You can force a user to sign out of Cisco Unified Mobile Communicator. You can tell users to sign out by selecting Work offline (for BlackBerry or Nokia Symbian clients) or Log off (for Windows Mobile) from the Home view menu. (They must select Work online or Log on to log back in.)
Related Topics
Forcing a User to Sign Out of Mobile Communicator, page 14-8
Removing Cisco Unified Mobile Communicator Data from a Phone

If a phone is lost or stolen, you can remove all of the corporate and personal data downloaded onto that phone by Cisco Unified Mobile Communicator, including contact information, call logs, voice messages, text messages, and conference alerts. This process also disables Cisco Unified Mobile Communicator. The data will be erased the next time the Cisco Unified Mobile Communicator client connects to the server. This process does not remove Cisco Unified Mobile Communicator from the phone or remove information on the phone that is outside of Cisco Unified Mobile Communicator. This process also deletes the phone from the list of phones associated with the user in the Admin Portal.
Procedure
Select the [+] beside End Users. Select Search/Maintenance. Locate the user and select Edit. Locate the phone from which you want to remove data and select Melt.
Forcing a User to Sign Out of Mobile Communicator

You can log a user out of Cisco Unified Mobile Communicator. The user must sign in again to resume using the application. This can be useful when:

You add or change an office phone for the user in Cisco Unified Communications Manager. A user cannot find the phone, but does not believe that the phone is lost.
14-8
Chapter 14
Procedure
Select the [+] beside End Users. Select Search/Maintenance. Locate the user in the list and select Edit. Locate the phone from which you want to force the user to sign out, and select Force Logout.
Deactivating a User
Procedure
Step 1 Step 2
Select the [+] beside End Users. Select User Activation/Deactivation. The User Activation/Deactivation page displays inactive users (under Search Results) and activated users (under Member List).
Select a directory to search using the Find Users In drop-down menu. Enter a name or partial name in the Search For field, or leave the field blank to produce every name in the selected directory. Select Search. Found names appear in the Member List window. Select or control-click the name or names to deactivate in the Member List window. Select Remove. Select Submit.
Related Topics
Activating Users, page 14-1
14-9
14-10
CH A P T E R
15
Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage

Provisioning Windows Mobile Phones for the First Time, page 15-1 Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones, page 15-2
Provisioning Windows Mobile Phones for the First Time

You can complete the provisioning process using the procedure in this section or users can complete it in the Cisco Unified Mobile Communicator User Portal. Instructions for users are in the Quick Start Guide for Cisco Unified Mobile Communicator for Windows Mobile Phones. In either case, complete the requirements in the Before You Begin section.
Before You Begin

Upload the client software to Cisco Unified Mobility Advantage. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2 See How To Add Users and Prepare to Add Their Devices, page 14-1. Configure the device for the user. See Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21. If you will provision the phone yourself, make sure the phone is with you and able to send and receive data.
Procedure
Select the [+] beside End Users. Select Search Maintenance. Search for the user. Select Edit next to the user. Select Add Phone. Enter or select the required information:
15-1
Chapter 15 Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones
Option Country Service Provider Phone Make/Model
Description Select the country of the service provider. Select phone service provider. For Release 7.0(1): Select phone model. For Release 7.0(2): Select your Windows Mobile operating system release.
Language Phone Number
Select language. Enter the area code and phone number for the phone you are adding in the following format: 5555555555. This phone number must exactly match the Destination Number you entered for the Mobile Identity when you configured the device for the user.
Turn on the phone. Select Next on the Admin Portal. Make note of the phone provisioning information displayed on the portal. This information is needed when you download and install Cisco Unified Mobile Communicator on the phone, as described next. Open the URL displayed on the portal on the phone:
a. b.
Open the browser on the phone. Enter the URL.
Enter the user ID and PIN and select Submit. Select Yes when prompted to download Cisco Unified Mobile Communicator. When complete, you receive a message stating the installation was successful. Press the End or Back key on the phone to return to the main menu. Give the phone to the user. The user can now start and sign in to Cisco Unified Mobile Communicator. Refer users to the User Guide for Cisco Unified Mobile Communicator for Windows Mobile Phones.
Related Topics
Chapter 16, Deploying Cisco Unified Mobile Communicator on BlackBerry Devices.
Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones

After you have performed the prerequisites in this section, upgrade the client software on each device. To have Windows Mobile users perform the upgrade themselves, perform the prerequisites for this procedure, then have users follow the upgrade procedure in the Quick Start Guide for Cisco Unified Mobile Communicator for Windows Mobile Phones, Release 7.x.
Before You Begin
Obtain the new client software. See Obtaining Client Software and Upgrades, page 13-1.
15-2
Chapter 15
Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones
Upload the Cisco Unified Mobile Communicator upgrade files for supported devices to the Cisco Unified Mobility Advantage server. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2. If you will perform the upgrade, make sure:
the device is with you and powered on the battery is charged the phone can connect to the internet
Procedure
Select the [+] beside End Users in the Admin Portal. Select Search/Maintenance to display a list of activated users. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Upgrade next to the phone you want to upgrade. The Upgrade icon displays only when there is a newer version of Cisco Unified Mobile Communicator available on the server than the one installed on the phone.
Select Yes to confirm the upgrade. Respond to the prompts to complete the software upgrade. Select Finish when the upgrade is complete. Give the mobile device to the user and tell the user to sign in to Cisco Unified Mobile Communicator.
15-3
Chapter 15 Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones
15-4
CH A P T E R
16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices

Revised Date: August 13, 2009
BlackBerry devices running the latest Release 3.x version of Cisco Unified Mobile Communicator will run with Cisco Unified Mobility Advantage Release 7.x, but users will not have Release 7.x features. See the Release Notes for limitations. Configure the BlackBerry Enterprise Server and Cisco Unified Mobility Advantage as follows:

How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage, page 16-1 How to Make the Client Application Available to Users, page 16-3 Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices, page 16-7 Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8 Provisioning and Installing on BlackBerry Devices, page 16-8
How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage

Configuring IT Policies, page 16-1 Configuring Software Configuration Policies, page 16-2
Configuring IT Policies
Configure the following IT Policy settings on the BlackBerry Enterprise Server to enable the installation of third-party applications.
Procedure
Step 1
Open the BlackBerry Manager.
16-1
Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage
Select the BlackBerry domain. Select Global tab > Edit Properties link > IT Policy. Select affected IT Policy, and select Properties. Select Security Policy Group. Set Disallow Third Party Application Download to False. Select TCP Policy Group. Set the following values for each GSM mobile phone service provider. In the U.S., these settings are: T-Mobile:

APNwap.voicestream.com Usernameleave blank Passwordleave blank APNwap.cingular Usernamewap@cingulargprs.com Passwordleave blank
AT&T/Cingular:

Note
If you have multiple GSM mobile phone service providers, you must create multiple IT policies with different values in this field. For non-GSM mobile phone service providers, these values can be set to any value.
Configuring Software Configuration Policies

Procedure
Open the BlackBerry Manager and select the BlackBerry domain. Select the Software Configurations tab. Select Manage Application Policies. Select Policy and select Properties Set these properties: Policy Disposition Internal Network Connection Setting Required Allowed
16-2
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Make the Client Application Available to Users
What To Do Next
Install and configure Cisco Unified Mobility Advantage, and configure enterprise servers as applicable.
How to Make the Client Application Available to Users

Perform the following procedures in order:

Allowing Third Party Application Downloads from the BlackBerry Enterprise Server, page 16-3 Downloading the BlackBerry Client Installer from Cisco Unified Mobility Advantage, page 16-4 Placing the Client Software on the BlackBerry Enterprise Server, page 16-5 Creating a Software Configuration File and Deploying it to Users, page 16-6
Allowing Third Party Application Downloads from the BlackBerry Enterprise Server
Note
For security reasons, some BlackBerry Enterprise Server configurations do not allow third party application downloads. You must temporarily allow third party application downloads in order to deploy Mobile Communicator on BlackBerry Devices. For more information on policy and software configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide.
Procedure
Sign in to the BlackBerry Enterprise Server. Select Global. Select Edit Properties. Select IT Policies in the IT Policy Administration window. Highlight IT Policies and select the More button located on the far right of the screen. You should see any policies that have already been provisioned. Select Properties and find the Security Policy Group. Select on the Security Policy Group.
16-3
Chapter 16 How to Make the Client Application Available to Users
Step 8
Locate the Disallow Third Party Application Download setting and select False.
Step 9
Select OK.
Downloading the BlackBerry Client Installer from Cisco Unified Mobility Advantage
Before You Begin
Upload the client software to Cisco Unified Mobility Advantage. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2
Procedure
Step 1 Step 2
Select the [+] beside Handset Platform Management in the Admin Portal. Select Version Management.
16-4
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Make the Client Application Available to Users
Step 3 Step 4
Select Download next to the BlackBerry device to download the Cisco Unified Mobile Communicator.zip file to your system. Extract the .zip file.
Placing the Client Software on the BlackBerry Enterprise Server

Before You Begin
Complete the following:
Allowing Third Party Application Downloads from the BlackBerry Enterprise Server, page 16-3
Procedure
Step 1
Browse to this location on the BlackBerry Enterprise Server to place the Cisco Unified Mobile Communicator files into a new share: C:\Program Files\Common Files\Research In Motion Create a placeholder folder titled \Shared\Applications for the Cisco Unified Mobile Communicator files: C:\Program Files\Common Files\Research In Motion\Shared\Applications Create a folder titled \cisco_umc within the \Applications folder: C:\Program Files\Common Files\Research In Motion\Shared\Applications\cisco_umc Place the following two files in the \cisco_umc folder (XX represents the language):

Step 2
Step 3
Step 4
cisco_umc_XX.cod cisco_umc_XX.alx Change to the Apploader directory: C:\Program Files\Common Files\Research In Motion\Apploader Run loader.exe /index. Browse to this location: C:\Program Files\Common Files\Research In Motion Select Everyone under Group or user names on the Share Permissions folder. Select Allow next to Read under Permissions for Everyone.
Step 5
Run the loader.exe program:

a.
b. Step 6
Set up the folder as a share:

a.
b. c. Step 7
Select OK.
16-5
Chapter 16 How to Make the Client Application Available to Users
Creating a Software Configuration File and Deploying it to Users

Note
See the RIM document Creating a Software Configuration BlackBerry Enterprise Server Quick Start Supplement for more information.
Procedure
Sign in to the BlackBerry Manager-Security Administrator Authority. Select the Software Configurations tab on the BlackBerry Domain (near the top of the window). Select Add New Configuration. Type a name and description for the software configuration file that will contain the Cisco Unified Mobile Communicator application in the Configuration Name and Configuration Description fields. For example, Mobile Communicator Deployment. Enter the UNC name (not the local file path) in the Device Software Share Location field. Select OK. A list of device software and applications appears. The list includes the Cisco Unified Mobile Communicator application.
Step 5 Step 6
Set the Delivery to Wireless Only. Select the Policies button. Set the Application Control policies as shown in this example:
Select OK. Start the BlackBerry Handheld Manager. Select Users.
16-6
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices
Select the user name. Select Assign Software Configuration under Device Management. Locate the name of the Cisco Unified Mobile Communicator software configuration file you created in Step 4. For example, Mobile Communicator Deployment. Select OK. The BlackBerry Enterprise Server polls BlackBerry Devices every four hours. At that time, the server deploys any new or missing applications to the BlackBerry Devices.
Step 16
Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices
Use SMTP Server Configuration to enable the Cisco Unified Mobility Advantage to send email messages to BlackBerry devices.
Before You Begin
Make sure that your SMTP Server allows relaying from Cisco Unified Mobility Advantage. For information, contact your SMTP administrator.
Procedure
Select the [+] beside System Management. Select SMTP Server Configuration. Enter information: Item Host Name Description Hostname of your SMTP gateway. This must be the same as your Exchange hostname if you use the Exchange server as your SMTP gateway. Port number for the SMTP gateway. Usually, this is 25. Identifies whether or not your organization requires authentication on the mail server. If the value for this field is True, you will need to enter a password apart from an Admin Email address (see next two fields). Email address for the administrator responsible for management of Cisco Unified Mobility Advantage. Cisco Unified Mobility Advantage uses this email address to send provisioning emails and alerts to BlackBerry users. SMTP Authentication Password Password associated with the Admin Email address. Required only if the SMTP server requires authentication.
Port Authentication Required
Admin Email
16-7
Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail
Step 4 Step 5
Select Submit. Restart Cisco Unified Mobility Advantage to activate the settings.
Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail
Have users perform the following procedure to prevent Microsoft Outlook from treating BlackBerry provisioning email messages as junk mail.
Before You Begin
Note the Admin Email address in the Admin Portal under System Management > SMTP Server Configuration. You will provide this to users.
Procedure
Open Microsoft Outlook. Open the Tools menu and select Options. Select Preferences. Select the Junk e-mail button, and then select the Safe Senders tab. Select Add. Enter the Admin email address, and select OK. Select OK again to complete the configuration. Continue to check your Junk mailbox and, if necessary, disable junk-mail blocking during provisioning.
Provisioning and Installing on BlackBerry Devices

You can use the procedure in this section to:

Add a phone for each user Install the client software You can use the procedure in this topic. You can have users add their own phones in the User Portal. However, you must still complete the requirements in the Before You Begin section of this procedure. Refer users to the Cisco Unified Mobile Communicator 3.x Quick Start Guide for BlackBerry Devices.
There are two ways to add phones:

There are three ways to install the client software on BlackBerry devices:

You can automate installation from the BlackBerry Enterprise Server. However, each phone must still be associated with its user using one of the methods mentioned above. You can install the client manually on each phone using this procedure
16-8
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Provisioning and Installing on BlackBerry Devices
You can have users install the client on their own phones by using the User Portal. However, you must still complete the requirements in the Before You Begin section of this procedure. Refer users to the Cisco Unified Mobile Communicator 3.x Quick Start Guide for BlackBerry Devices.
Before You Begin
In order to prevent provisioning email messages from being routed to the Junk E-mail folder in Outlook, give BlackBerry device users the Admin Email address and the procedure in Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8. (Cisco Unified Mobility Advantage Release 7.0 only) By default access is restricted by device. You must remove this restriction for BlackBerry devices. To remove this restriction for all devices on the system, see Enabling Device ID Checking, page 12-1. After loading Cisco Unified Mobile Communicator on the BlackBerry Enterprise Server as described in Placing the Client Software on the BlackBerry Enterprise Server, page 16-5, Cisco Unified Mobile Communicator is automatically pushed out within four hours to activated users with the appropriate BlackBerry device data service. When this is complete, you can provision Mobile Communicator on the BlackBerry device. Follow procedures in How To Add Users and Prepare to Add Their Devices, page 14-1
Procedure
Sign in to the Cisco Unified Mobility Advantage Admin Portal. Select the [+] beside End Users. Select Search/Maintenance to display activated users. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Add Phone. Edit the Add Phone properties: Phone List Country Service Provider Phone Make/Model Language Phone Number Description Select the country of the service provider. Select the mobile phone service provider Select the mobile phone make and model Select language. Enter the area code and mobile phone number Use the format 5555555555.
Step 8 Step 9
Select Next. Do one of the following:
16-9
Chapter 16 Provisioning and Installing on BlackBerry Devices
If You are distributing the client software through the BlackBerry Enterprise Server You need to manually install the client software on the BlackBerry device
Do This Select Finish.

1.
Follow the prompts that you see to install Cisco Unified Mobile Communicator on the BlackBerry device. Select Finish when installation is complete.
2.
What To Do Next
(Cisco Unified Mobility Advantage Release 7.0 only) If you did not disable Device ID checking for the entire system, you must disable it for each BlackBerry device you add. See Restricting Access By Device, page 14-2. Give the BlackBerry device to the user. The user must open Cisco Unified Mobile Communicator on the device and enter his or her Cisco Unified Mobile Communicator password at the sign-in prompt. Evaluate the items in Information to Give to Users, page 14-3 and provide the user with instructions for the tasks that you have not already completed.
16-10
CH A P T E R
17
Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones

For Nokia phones running the Symbian OS, Cisco Unified Mobility Advantage Release 7.x supports both the Cisco Unified Mobile Communicator client for Release 7.x (for English only) and the latest Release 3.x client (for French, German, Spanish, and Italian). Release 3.x clients will not benefit from the new features available in Release 7.x. See the Release Notes for limitations. You can add phones to user accounts, or users can add their own phones using the User Portal. There are several methods to install the client application on the phone.

Upgrades of Nokia Symbian Phones from Client Release 3.x to Release 7.x, page 17-1 Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2 Installing the Client on Nokia Symbian Phones from Your Computer, page 17-3
Upgrades of Nokia Symbian Phones from Client Release 3.x to Release 7.x
Client upgrades from Release 3.x to Release 7.x on Nokia Symbian phones do not follow the standard upgrade procedure. Instead, you or the users must delete their Nokia Symbian phones from the user accounts, then add each phone again as a new phone. When the user signs in to the new client release, the server will restore all data to the client on the phone. However, to ensure that no data is lost, users should be sure to connect to the server immediately before deleting the phone, in order to save any contacts or text messages they might have added since they last connected to the server.
17-1
Chapter 17 Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network
Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network
Cisco Unified Mobile Communicator can be installed on a Nokia Symbian phone using one of two methods: wireless installation or manual installation. You or the user can perform these operations.
Before You Begin
Do the following:

How to Make Client Software Available for Use, page 13-1 How To Add Users and Prepare to Add Their Devices, page 14-1. You can follow this procedure, or users can perform the tasks described in this topic using instructions in the user documentation. If users will do the installation, provide them with the information they need:
For Release 3.1.1 clients, refer users to the Cisco Unified Mobile Communicator 3.x Quick Start
Guide for Symbian OS Phones for instructions.

For Release 7.x clients, refer users to the user documentation documentation for Release 7.x of
the client for Nokia Symbian phones. User documentation is available from http://cisco.com/en/US/products/ps7271/products_user_guide_list.html.
Procedure
Select the [+] beside End Users. Select Search/Maintenance to display activated users. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Add Phone. Edit the Add Phone properties: Phone List Country Service Provider Phone Make/Model Language Phone Number Configuration Method Description Select the country of the service provider. Select the mobile phone service provider Select the Nokia Symbian phone or series. Select language. Enter the area code and mobile phone number Select Over Air.
Step 7 Step 8
Select Next. Follow the prompts on the Admin Portal to install Cisco Unified Mobile Communicator on the mobile phone.
17-2
Chapter 17
Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Installing the Client on Nokia Symbian Phones from Your Computer
Step 9
When installation is complete, select Finish.
What To Do Next
Follow instructions in Information to Give to Users, page 14-3.
Installing the Client on Nokia Symbian Phones from Your Computer

This procedure provides an alternate method for installing the client application on Nokia Symbian phones.
Before You Begin
Do the following:

Uploading a Cisco Unified Mobile Communicator Release, page 13-2 How To Add Users and Prepare to Add Their Devices, page 14-1. Add phones to user accounts using the first part of the procedure in Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2. Make sure that your computer and the Nokia Symbian phones are set up to use infrared, Bluetooth, or the Nokia PC Suite application. For information, see the documentation that came with your computer, your phone, and any additional hardware or software required for your chosen transfer method.
Procedure
Select the [+] beside Handset Platform Management in the Admin Portal. Select Version Management. Select Download next to the Nokia Symbian phone to download the Cisco Unified Mobile Communicator .sisx file to your computer. Transfer the .sisx file to Nokia Symbian phones using infrared, Bluetooth, or the Nokia PC Suite application. Install the application if it does not install automatically.
What To Do Next
Do one of the following:

See Viewing Phone and Connection Information Per User, page 14-6 to obtain the information needed to provision the client application on each phone. Let users complete the provisioning process. Follow instructions in Information to Give to Users, page 14-3.
17-3
Chapter 17 Installing the Client on Nokia Symbian Phones from Your Computer
Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones
17-4
CH A P T E R
18
Viewing Statistics and Reports for Cisco Unified Mobility Advantage

Identifying Users Who Have Not Signed In, page 18-1 Viewing Cisco Unified Mobility Advantage Server Statistics, page 18-1 Viewing Call Reports, page 18-2 Viewing Summary Reports, page 18-3
Identifying Users Who Have Not Signed In

To identify users who have not signed in to either Cisco Unified Mobile Communicator or the User Portal:
Procedure
Select the [+] beside End Users. Select User Activation/Deactivation. Note the asterisk preceding the name of each user who has not signed in.
Viewing Cisco Unified Mobility Advantage Server Statistics

Procedure
Select the [+] beside Server Controls. Select Cisco. Select Control Server. Select Statistics. The statistics for Cisco Unified Mobility Advantage appear:
18-1
Chapter 18 Viewing Call Reports
Statistic Name Up Since Free Memory Number of Active Users
Definition Name of the Cisco Unified Mobility Advantage server. Date that Cisco Unified Mobility Advantage was last started. Amount of available memory, in bytes, on Cisco Unified Mobility Advantage. Number of users who are actively using Cisco Unified Mobile Communicator on their phone or the Cisco Unified Mobile Communicator User Portal. Total number of errors reported on Cisco Unified Mobility Advantage. To view these errors, search the log files for FATAL or ERROR. Total number of warnings reported on Cisco Unified Mobility Advantage. To view these warnings, search the log files for WARN.
Number of Errors
Number of Warnings
Step 5
Select Refresh to update the display.
Related Topics
How to View Error and Warning Logs, page 19-17
Viewing Call Reports

You can view a summary of calls (received, placed, and missed) by users. The report can show the total number of calls on the system or totals for each user.
Procedure
Select the [+] beside Reports. Select Usage Report. Enter information: Field From To Report Type Definition Specify the start date for the report. Specify the end date for the report. Select the type of report:

TotalCalls placed, received, and missed on all user phones By UserCalls placed, received, and missed on specific user phones
18-2
Chapter 18
Viewing Statistics and Reports for Cisco Unified Mobility Advantage Viewing Summary Reports
Step 4
Select Submit.
Viewing Summary Reports

You can view the total number of provisioned users, the number currently signed in to Cisco Unified Mobile Communicator, and the summary of mobile phones installed on the system.
Procedure
Select the [+] beside Reports. Select Summary Report. Wait a few moments while Cisco Unified Mobility Advantage generates the report. View the generated information: Summary Report Total Number of Users - Provisioned Total Number of Users - Logged In Handset Summary Report Service Provider Phone Make/Model Client Version Number of Phones Definition Number of users with provisioned phones Number of users who have signed in to Cisco Unified Mobile Communicator on their phone Definition Service provider associated with the phone Type and model of the phone Version of Cisco Unified Mobile Communicator installed on the phone. Number of phones installed
18-3
Chapter 18 Viewing Summary Reports
18-4
CH A P T E R
19
Troubleshooting Cisco Unified Mobility Advantage

Most problems arise from configuration errors or omissions, or problems with your network or mobile service providers.

Where To Start Troubleshooting, page 19-1 How to Solve Connection Problems, page 19-3 How to Solve Problems with Activation, Download, and Provisioning, page 19-4 How to Solve Problems Logging In to Client or User Portal, page 19-8 Phone Battery Depletes Quickly, page 19-8 How to Solve Call Log Problems, page 19-8 How to Solve Problems With the Dial Via Office Feature, page 19-10 How to Solve Voicemail Problems, page 19-12 How to Solve Problems with Availability Status (Presence), page 19-14 Conference Alerts Not Arriving Correctly, page 19-16 BlackBerry Users Do Not Receive Alerts, page 19-16 Lost or Stolen Mobile Device, page 19-17 How to View Error and Warning Logs, page 19-17 How To Recover From Server Failure, page 19-20 Enabling Remote Account Access for Cisco TAC Personnel, page 19-23
Where To Start Troubleshooting

Problem All problems. Solution Try the following, which are applicable when troubleshooting many problems:
Make sure that the client device is functioning and connecting to the network properly. See the troubleshooting section in the client documentation for users for the relevant device at http://www.cisco.com/en/US/products/ps7271/products_user_guide_list.html for a list of simple things to verify for all problems before doing anything else, if any.
19-1
Chapter 19 Where To Start Troubleshooting
Try, or have the user try, any troubleshooting tactics for the particular problem in the troubleshooting section or sections of the client documentation for the relevant device. For Release 7.0(2): Select the Test Config button on each page for the relevant adapter in the Cisco Unified Mobility Advantage Admin Portal to check for configuration errors. For Release 7.0(1): Check your configurations in the Cisco Unified Mobility Advantage Admin Portal for errors. If you are using a secure connection between Cisco Unified Mobility Advantage and the relevant enterprise server, try temporarily changing the Connection Type to TCP, Plain, or nonsecure in the Enterprise Adapter for that server, and on the relevant enterprise server for connections to Cisco Unified Mobility Advantage. Then stop and restart Cisco Unified Mobility Advantage. Do not forget to switch all settings on all servers back to secure connections after you have resolved the problem, if required. Change the Trust Policy to All Certificates in the Security Context associated with the enterprise server that provides the inoperative functionality, or upload a certificate from each affected server to the trust store in Cisco Unified Mobility Advantage. Then stop and restart the server (under Server Controls). Check the security policy of the relevant enterprise server with which Cisco Unified Mobility Advantage connects, to be sure you have deployed the required certificate from Cisco Unified Mobility Advantage. Disable and then re-enable the problem feature in the Admin Portal: Select Enterprise Configuration > Manage Adapter Services, then select the tab for the enterprise server that provides the feature. Disable the feature, then select Submit. See the bottom of the portal page to see whether you must stop and start the server before your change takes effect. Then enable the feature and select Submit. Again, stop and then restart the server if necessary. Check the Cisco Unified Mobility Advantage log files for errors. To find relevant information in the logs, search for exception until you find one with a keyword that may be related to the problem you are experiencing. For example, for problems with presence, look for an exception with CUP (Cisco Unified Presence). Make sure that the date and time are synchronized on all servers and mobile devices. If you did not specify a Network Time Protocol server during Cisco Unified Mobility Advantage installation, do so now. In the Unified Communications Operating System Administration pages, select Settings > NTP servers. See the online Help in the Unified Communications Operating System Administration pages for more information. Revisit configurations in both the relevant enterprise server and in Cisco Unified Mobility Advantage and re-enter the configuration settings. Then stop and restart Cisco Unified Mobility Advantage. A typing error or entry mismatch will cause features to fail. Configuration requirements for each feature are listed in the Enabling and Managing Features chapter.
Related Topics

Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage Viewing Log Files, page 19-18 Accessing the Cisco Unified Operating System Administration Portal, page 11-2 Chapter 12, Enabling Features and Options in Cisco Unified Mobility Advantage
19-2
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Connection Problems
How to Solve Connection Problems

No Connectivity On Initial Tests, page 19-3 Some Clients Cannot Connect on Initial Tests, page 19-3 Frequent Disconnects, page 19-4
No Connectivity On Initial Tests

Problem You are testing your initial configuration, but connections are not successful. Solution Check the following:
In the Cisco Unified Mobility Advantage Admin Portal, verify:

Enforce Device ID Check is False or (For each user of a Release 7.x client) Allow Any Device is True or you have entered an
IMEI/ESN number.
(For each user of a Release 3.x client) Allow Any Device is True.
Reprovision the device after making any change.
Make sure that the client device is functioning and connecting properly to the wireless network. See the relevant troubleshooting section in the client documentation for the particular device for a list of simple things to verify for all problems before doing anything else. If you used the Configuration Wizard, make sure that you completed all procedures described in the chapter, particularly those required after you finish the wizard itself. From the Cisco Adaptive Security Appliance, ping an IP address on the internet. From the Cisco Adaptive Security Appliance, ping the private IP Address of the Cisco Unified Mobility Advantage server. Check your configurations against the instructions in the chapter on the Cisco Adaptive Security Appliance. Cisco Adaptive Security Appliance configuration errors are a likely source of connection problems.
Related Topics

Enabling Device ID Checking, page 12-1 Restricting Access By Device, page 14-2 Performing Additional Required Procedures, page 7-25 Fixing Unsuccessful Pings, page 2-18 Troubleshooting the Cisco Adaptive Security Appliance, page 2-16 Some Clients Cannot Connect on Initial Tests, page 19-3
Some Clients Cannot Connect on Initial Tests

Problem Some clients are unable to connect. Solution
In the Cisco Unified Mobility Advantage Admin Portal, check the following:
19-3
Chapter 19 How to Solve Problems with Activation, Download, and Provisioning
Enforce Device ID Check is False or (For each user of a Release 7.x client) Allow Any Device is True or you have entered an
IMEI/ESN number.
(For each user of a Release 3.x client) Allow Any Device is True.
Reprovision the device after making any change.
Check the following on the Cisco Adaptive Security Appliance: Use This Command on the Cisco Adaptive Security Appliance sh tls-proxy tls-proxy maximum-sessions <number>
To Check the Maximum tls-proxy sessions set Set a new maximum number of connections
Frequent Disconnects
Problem Clients are unable to maintain connection to the server. Solution
If you will provision other users, check Cisco.com to see if there is a new .oar file. As Cisco collects data about optimal keep-alive values for the various countries, service providers, and device types, it may revise the initial keep-alive setting in the .oar file from which the client begins the adjustment. Extend the maximum time before the server ends the connection when there is no activity from the mobile device:
Select the [+] beside System Management. Select System Properties. Specify the Max Idle Time to Disconnect, in seconds. For example, set the value to 15-20 minutes (900-1200 seconds). Restart Cisco Unified Mobility Advantage. Repeat this procedure if needed, extending the time before disconnection.
Step 4 Step 5
How to Solve Problems with Activation, Download, and Provisioning

User Activation, page 19-5 Cannot Find User to Activate, page 19-5 Searching Active Directory from User Activation/Deactivation Page Results in Errors, page 19-6 All Users Unable to Download Client Software, page 19-6 Some Users Unable to Download Client Software, page 19-6 Cannot Provision Clients, page 19-6
19-4
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Activation, Download, and Provisioning
Client Disconnects Unexpectedly, page 19-7 BlackBerry Provisioning and Alert Messages Not Received, page 19-7
User Activation
Problem User activation and deactivation are not working. Solution
Check the cuma.log file for problems connecting to LDAP (Active Directory) as Admin. Make sure that your Admin user DN and Password are correct. Check other settings, for example the Key field, in the Enterprise Adapter for Active Directory. For Release 7.0(2): When you check the Active Directory adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button on each page.
Step 1 Step 2
.
See if you can access LDAP with your credentials using a freeware LDAP browser:
Get the browser from http://www-unix.mcs.anl.gov/~gawor/ldap/. Enter information into the LDAP browser: Tab Name Connection Parameter Name Host Value Any value. IP address or domain name of your Active Directory server, as entered into the Active Directory configuration in the Cisco Unified Mobility Advantage Admin Portal. Uncheck this option. Check this option. Admin User DN that you entered in the Active Directory configuration in the Cisco Unified Mobility Advantage Admin Portal. Password for the Admin User.
Anonymous Bind Append Base DN User DN
Password
Step 3 Step 4
Select Fetch DNs. Select Save. If you cannot connect and view the Active Directory structure, there is a problem with your access credentials.
Cannot Find User to Activate

Problem I am trying to activate users but some users are missing from the list of search results. Solution
19-5
Chapter 19 How to Solve Problems with Activation, Download, and Provisioning
Make sure that you have entered the correct Filter Criteria and Search Base into the Advanced Settings of the Active Directory configuration. Users whose configurations in Active Directory are missing required information do not appear in Cisco Unified Mobility Advantage. Add the first and last name, user ID, email address, and DN (or their equivalents as specified in the AD adapter configuration in Cisco Unified Mobility Advantage) into Active Directory. Only 1000 user IDs can be fetched from Active Directory.
Searching Active Directory from User Activation/Deactivation Page Results in Errors

Problem Searching AD from the User Activation/Deactivation page spins forever, and the logs show socket timeout exceptions. Solution Do a dnslookup on the top level domain, and make sure that all resulting servers on the list are
listening on port 389. Telnetting to this top level domain on port 389 will also fail. Remove the offending server from the DNS list and stop and restart Cisco Unified Mobility Advantage.
All Users Unable to Download Client Software

Problem All users cannot download the client software to their mobile devices. Solution
Verify the server address and port in the Admin Portal in System Management > Network Properties. These must match the IP addresses and ports configured in the Cisco Adaptive Security Appliance. See if this is a firewall issue: Verify that you can telnet to the host and port listed in the provisioning message. Use Telnet, not a PC-based web browser.
Some Users Unable to Download Client Software

Problem Some users cannot download the client software to their mobile devices. Solution
Have the user try the troubleshooting tips for installation issues in the documentation for users. Check settings for that user in the Admin Portal in End Users > Search Maintenance. Also select the Info button on that page to Make sure that the phone information is correct.
Cannot Provision Clients

Problem Connection errors while provisioning the client. Download was successful. Solution
(For each user of a Release 7.x client) Make sure that the IMEI number is entered correctly in the Device Identity Maintenance tab for the user, or set Allow Any Device to True, then attempt to reprovision. (For each user of a Release 3.x client) Set Allow Any Device to True, then attempt to reprovision.
19-6
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Activation, Download, and Provisioning
This problem can occur with mobile device service providers that have a signing requirement in addition to Mobile2Market for Windows Mobile Standard Edition devices. These providers include, but are not limited to, Orange and South Korea Telecom. Set Allow Any Device to True in the Device Identity Maintenance tab for the user. Have the user try the solutions in the Troubleshooting section of the user documentation for the relevant device, if any.
Client Disconnects Unexpectedly

Problem Cisco Unified Mobile Communicator disconnects unexpectedly. Solution This may occur occasionally when the mobile device is initially provisioned, as Cisco Unified
Mobile Communicator automatically adjusts the keep-alive interval to prevent such disconnects. The optimal interval can vary significantly between countries, service providers, and device types.
Modify the Max Idle Time to Disconnect parameter on the System Management > System Properties page. For example, set the value to 15-20 minutes (900-1200 seconds). Continue to modify as needed. If you will provision other users, check Cisco.com to see if there is a new .oar file. As Cisco collects data about optimal keep-alive values for the various countries, service providers, and device types, it may revise the initial keep-alive setting in the .oar file from which the client begins the adjustment.
Related Topics
Obtaining Client Software and Upgrades, page 13-1
BlackBerry Provisioning and Alert Messages Not Received

Problem BlackBerry users do not receive provisioning or alert messages. Solution These messages are sent by email. Users must configure Microsoft Outlook to ensure that
Cisco Unified Mobility Advantage alerts are sent to their BlackBerry device instead of to the Junk E-mail folder in Outlook. Give users the following information:

The Admin email address in System Management > SMTP Server Configuration. The following procedure.
Procedure
Launch Microsoft Outlook on your computer. Select Tools > Options. Select Preferences. Select Junk e-mail Select Safe Senders. Select Add. Enter the Admin email address. Select OK.
19-7
Chapter 19 How to Solve Problems Logging In to Client or User Portal
Step 9 Step 10
Select OK again. Continue to check your Junk mailbox; if necessary, disable junk-mail blocking during provisioning.
How to Solve Problems Logging In to Client or User Portal

User Cannot Sign In, page 19-8 Users Receive Security Warning When Accessing the User Portal, page 19-8
User Cannot Sign In

Problem User credentials are not valid. Solution Make sure to update Cisco Unified Mobility Advantage with any changes to the Organizational
Unit.
Related Topics
Changing the Active Directory Organizational Unit for Users, page 14-5
Users Receive Security Warning When Accessing the User Portal

Problem When users access the User Portal, they see a security alert that there is a problem with the security certificate. They can enter the portal, however. Solution Obtain and deploy a signed certificate for the Cisco Unified Mobility Advantage server.
Related Topics
About Required and Recommended SSL Certificates, page 9-2
Phone Battery Depletes Quickly

Problem The phone battery seems to discharge more quickly when Cisco Unified Mobile Communicator is running. Solution When the phone is initially provisioned, Cisco Unified Mobile Communicator automatically
detects and adjusts the keep-alive interval to avoid unintended disconnects from the server. This problem should resolve itself soon.
Related Topics
Client Disconnects Unexpectedly, page 19-7
How to Solve Call Log Problems
No Call Logs for Any Users, page 19-9
19-8
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Call Log Problems
No Call Logs for One User, page 19-9 Native Call Logs Show Dial Via Office Calls As Incoming, page 19-9 Calls Missing from Call Logs, page 19-9 Release 7.0(2): Call Logs Do Not Identify Internal Callers, page 19-10
No Call Logs for Any Users

Problem Call log monitoring is not working at all. Solution Check all configurations required for call log monitoring, as described in the Related Topic. For
Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button.
Note
After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change on a mobile device, do the following:

Restart Cisco Unified Mobility Advantage. Have the user sign out of Cisco Unified Mobile Communicator and then log back in.
Related Topics
How to Configure Call Log Monitoring, page 3-1
No Call Logs for One User

Problem No call logs appear for one or a few users. Solution Make sure that you have added the desk phone to the Controlled Devices list for one of the
super users for which you enabled CTI in Cisco Unified Communications Manager.
Related Topics
Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19
Native Call Logs Show Dial Via Office Calls As Incoming

Problem Dial via Office calls appear as incoming calls in the native call log on the mobile device. Solution This is inherent in the way the feature works. Cisco Unified Communications Manager calls the
mobile device as well as the number dialed, then connects the two calls.
Calls Missing from Call Logs

Problem Calls are missing from the call logs in Cisco Unified Mobile Communicator. Solution Check the following:
19-9
Chapter 19 How to Solve Problems With the Dial Via Office Feature
Note
After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change, do the following:

Have the user check the troubleshooting section of the user documentation for Cisco Unified Mobile Communicator for their device. Carefully revisit all information and procedures in each Related Topic for this section. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures. If you are using Cisco Unified Communications Manager Release 4.x, make sure that you have identified the correct Active Directory attribute for Work Phone in the Advanced Settings tab of the Active Directory adapter configuration. This value must be unique for each person configured in Active Directory. Verify that the adapter configuration for Cisco Unified Communications Manager is correct. For Release 7.0(2): Select the Test Config button at bottom of the page. Make sure Enable Corporate PBX integration is set to Yes in Manage Adapter Services for Cisco Unified Communications Manager. Also see whether the expiry time affects the missing messages.
Related Topics

How to Configure Call Log Monitoring, page 3-1 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Enabling Call Log Monitoring and Configuring Options, page 12-2 Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19
Release 7.0(2): Call Logs Do Not Identify Internal Callers

Problem Calls in the call logs are not identified by name; only the phone number appears. Solution Make sure that the phone number format that Cisco Unified Mobility Advantage is searching
for matches the phone number format of the directory. Verify this format in the Phone Number Format field on the Basic Settings page of the Active Directory adapter. See the description for the Phone Number Format field for details.
Related Topics
Basic Settings, page A-2
How to Solve Problems With the Dial Via Office Feature

Dial Via Office Feature is Not Working For All Users, page 19-11 Dial Via Office Feature is Not Working For One or More Users, page 19-12
19-10
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems With the Dial Via Office Feature
Dial Via Office Feature is Not Working For All Users

Problem The Dial Via Office feature is not working for all users. Solution Cisco Unified Communications Manager provides this feature this using the Reverse Callback
type of Dial-via-Office. How the feature works: When the user makes a call from Cisco Unified Mobile Communicator using the Dial-via-Office feature, Cisco Unified Communications Manager calls the user back at the number the user specifies, then calls the number that the user dialed, and then connects the call. Try the following:
Note
After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change, do the following:

Verify that the MobileConnect feature is working correctly independently of Cisco Unified Mobility Advantage. This ensures that Cisco Unified Communications Manager can reach the device, based on the configured mobility identity number and the rerouting calling search space on the device configuration page. Verify that the call log monitoring feature functions properly. If not, check the configurations for that feature first. If you change a CTI user ID and password in Cisco Unified Communications Manager, then you must change the corresponding CTI user ID and password in the Enterprise Adapter for Cisco Unified Communications Manager in Cisco Unified Mobility Advantage. Stop Cisco Unified Mobility Advantage before making this change, or your change will not be saved. For Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button at the bottom of the page to be sure you have entered the changes correctly.
For Release 7.0(1): If you change the CTI user ID and password in the Enterprise Adapter for Cisco Unified Communications Manager, this also overwrites the username in the SOAP Information section) of the adapter configuration. You must change this to the username of the Application User to which you assigned the AXL API access in Cisco Unified Communications Manager. Stop Cisco Unified Mobility Advantage before making this change, or your change will not be saved. Verify that you have entered the ports correctly in the Cisco Unified Communications Manager adapter. Try disabling secure connections between Cisco Unified Communications Manager and Cisco Unified Mobility Advantage by temporarily setting the transport type to a nonsecure type on each server. If the problem is resolved, revisit your server security configurations. Carefully revisit all information and procedures required for this feature. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures. For Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button.
19-11
Chapter 19 How to Solve Voicemail Problems
If you change the cluster security mode in Cisco Unified Communications Manager to mixed mode, you must restart Cisco Unified Communications Manager to re-enable the dial-via-office feature.
Related Topics

How to Configure Dial Via Office, page 3-9 How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13
Dial Via Office Feature is Not Working For One or More Users
Problem Dial Via Office is not working for all users, or for users at particular locations or having particular mobile phone service providers. Solution
There may be a networking issue with the local GSM mobile data connection leading to timeouts. Carefully revisit all information and procedures in each Related Topic for this section. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures. Have the user check the Cisco Unified Mobile Communicator settings on the phone. Have the user sign out of Cisco Unified Mobile Communicator and then sign in again. If nothing else works, reset Cisco Unified Mobile Communicator in the Cisco Unified Communications Manager User Options web page: Select User Options > Device, then select your mobile device for Device Name. Select Reset. (This will not erase any data in Cisco Unified Mobile Communicator.)
Related Topics

Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21
How to Solve Voicemail Problems

Unable to Access Voicemail, page 19-13 Unable to Access Voicemail Using DTMF, page 19-13 BlackBerry Users Cannot Access Voicemail After Upgrade from Release 3.x, page 19-13 Error On Accessing Voicemail, page 19-13 Missing Voice Messages, page 19-14 Some Users Do Not Receive Voice Messages, page 19-14 Users Cannot Receive Secure Voice Messages, page 19-14
19-12
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Voicemail Problems
Unable to Access Voicemail

Problem Voicemail is not working. Solution
Verify that IMAP is enabled for the user in Microsoft Exchange (for Cisco Unity) or in Cisco Unity Connection. Check your configurations in the following Related Topics sections. For Release 7.0(2): When you check the voicemail adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button at the bottom of the Basic Settings page.
Have users sign out and sign in to Cisco Unified Mobile Communicator again after you make any changes.
Related Topics

Enabling and Configuring Voicemail, page 12-4 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Unable to Access Voicemail Using DTMF

Problem Entering the DTMF code to access voicemail does not route the call properly. Solution Make sure that all DTMF access codes are unique in Cisco Unified Communications Manager.
Related Topics
Important Information About DTMF Access Codes, page 3-12
BlackBerry Users Cannot Access Voicemail After Upgrade from Release 3.x
Problem BlackBerry users cannot access voicemail after upgrade from Cisco Unified Mobility Advantage Release 3.x. Solution If the voicemail sign-in credentials differ from the sign-in credentials for Cisco Unified Mobile
Communicator, upgraded BlackBerry users must set their voicemail usernames and passwords in the User Portal before they can access voicemail from their BlackBerry devices. They can always access their voicemail using other standard methods regardless, such as by using their desk phone.
Error On Accessing Voicemail

Problem Error: Unauthorized when accessing voicemail. Solution Check Cisco Unity or Cisco Unity Connection and see if the account has been locked as a result
of too many incorrect sign-in attempts.
19-13
Chapter 19 How to Solve Problems with Availability Status (Presence)
Missing Voice Messages

Problem User sees some voice messages in Outlook that do not appear on Cisco Unified Mobile Communicator. Solution The messages may be older than the expiry period configured in Cisco Unified Mobility
Advantage in the Manage Adapter Services for the voicemail adapter.

Related Topics

Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Some Users Do Not Receive Voice Messages

Problem Some users receive voice messages but others do not. Solution
Make sure that the users are signed in to Cisco Unified Mobile Communicator. If the company has more than one voicemail or Exchange server, you must create an enterprise adapter for each. For Release 7.0(2): You can check the configuration by selecting the Test Config button at the bottom of the adapter page.
If client credentials differ from voicemail credentials, make sure that users have entered the voicemail credentials in the settings on the client or in the User Portal.
Related Topics
Adding a New Enterprise Adapter, page 10-3
Users Cannot Receive Secure Voice Messages

Problem Users cannot receive secure messages. Solution This feature is supported only with Cisco Unity Release 7.0 and Cisco Unity Connection
Release 7.0. For Cisco Unity, check the adapter configuration and Make sure that the SOAP information and user ID and password are entered correctly. For Release 7.0(2): You can check the configuration by selecting the Test Config button at the bottom of the Basic Settings page.
Related Topics
About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
How to Solve Problems with Availability Status (Presence)

Presence Is Incorrect, page 19-15 User Cannot Change Status from Idle to Available, page 19-15
19-14
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Availability Status (Presence)
Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence, page 19-16
Presence Is Incorrect
Problem Availability status is not showing correctly. Solution
Have the user verify the troubleshooting steps in the user documentation for the relevant device, if any. Make sure that presence is showing correctly on other devices, such as Cisco Unified Personal Communicator. The problem may not be specific to Cisco Unified Mobility Advantage. If a user reports that his availability status appears different on different clients, for example Cisco Unified Personal Communicator: Have the user sign out and in again to force the synchronization. You can also force the sign out in the Search Maintenance page for the user. (Roll your mouse over the icons to see which icon to select.) See the documentation for Cisco Unified Presence, including but not limited to the section on integration with Cisco Unified Mobility Advantage and any troubleshooting information. See http://cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html.
Check that the configurations are correct in the following Related Topics. For Release 7.0(2): When you check the Cisco Unified Presence adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button on each page.
Related Topics

Chapter 4, Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24 About Cisco Unified Presence Enterprise Adapter Settings, page A-10 Enabling Exchange of Presence, page 12-5 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6 Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence, page 19-16
User Cannot Change Status from Idle to Available

Problem User cannot change availability status from Idle to Available. Solution This is intended. Idle status results only when Cisco Unified Personal Communicator is running
but the user is not using the computer. Since users cannot send instant messages between Cisco Unified Personal Communicator and Cisco Unified Mobile Communicator, this limitation ensures that other Cisco Unified Personal Communicator users do not mistakenly believe the user is available to receive instant messages in Cisco Unified Personal Communicator.
19-15
Chapter 19 Conference Alerts Not Arriving Correctly
Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence
Problem I need to see whether a mobility user appears as signed in on the Cisco Unified Presence server. Solution When you have completed the integration between Cisco Unified Presence and Cisco Unified Mobility Advantage, you can obtain this information using this procedure: Step 1 Step 2 Step 3
Sign in to Cisco Unified Presence Administration. Select Diagnostics > Presence Viewer. Enter a valid user ID.
Tip Step 4 Step 5
Select Search to find the ID for a user.
Select Submit. Look at the Mobility Integration section for the status.
Conference Alerts Not Arriving Correctly

Problem Conference alerts are not arriving, or are not arriving on time. Solution
Check your configurations in each of the following Related Topics.
Related Topics

About Microsoft Exchange Enterprise Adapter Settings, page A-11 Enabling Conference Notifications, page 12-5 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6
BlackBerry Users Do Not Receive Alerts

Problem Alerts are sent to the Junk folder in Microsoft Outlook instead of to the BlackBerry device. Solution You must provide users with:
The procedure for preventing Outlook from treating these messages as junk mail. The Admin email address. The Admin email address can be viewed under System Management > SMTP Server Configuration.
Related Topics
Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8
19-16
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage Lost or Stolen Mobile Device
Lost or Stolen Mobile Device

Problem A mobile device is lost or stolen. Solution You can remove all corporate information from Cisco Unified Mobile Communicator and
disable the application.

Related Topics
Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8
How to View Error and Warning Logs

Specifying Log Information, page 19-17 Viewing Log Files, page 19-18
Specifying Log Information

You can specify how log files and messages are collected and stored.
Procedure
Select the [+] beside System Management. Select Log Configuration. Enter information:
19-17
Chapter 19 How to View Error and Warning Logs
Item Log Level
Description Determines the level of information captured for the log file. Default is Info.

DebugRecords the largest amount of information in the logs. InfoRecords informational logs, warnings, errors, and fatal logs WarningRecords logs that are generated if the server encounters problems that impact a single user, more than one user, or impacts the system ErrorRecords logs that are generated if the server encounters problems that impact more than one user or impacts the system. If you select Error, only actual errors are displayed in the log. FatalRecords logs that are generated if the server encounters problems that impact the Cisco Unified Mobility Advantage system
Log File Size (MB)
Determines the size of each log file that is generated by the Admin Server and Managed Server. Value of this field should be between 1 and 999. Default is 20.
Number of Log Files
Determines the maximum number of log files that are preserved by the Admin Server and the Managed Server. Value of this field should be between 1 and 9999. Default is 100.
Step 4
Select Submit.
Viewing Log Files

Procedure
Use a tool such as PuTTY to remotely access the server using SSH. Sign in as the platform administrator using the sign-in information that you entered during installation. Determine which type of log file to view: For These Problems Problems with initial setup and configuration Problems with the Admin portal Problems after the system is up and running Most other problems View This Type of Log admin_init.log admin.log cuma.log cuma.log
19-18
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to View Error and Warning Logs
For These Problems For Release 7.0(1) only: Utility functions such as starting the Cisco Unified Mobility Advantage server (These logs are rarely used.) For Release 7.0(1) only: Utility functions such as starting the Cisco Unified Mobility Advantage server (These logs are rarely used.)
View This Type of Log node_manager.log node_manager_init.log
node_manager_init.log node_manager_init.log
There may be more than one instance of each log type. After a log file reaches the maximum size you specify in the Administration portal, the older information is separated into a separate file stamped with the date and time of the separation, for example admin.log<date and timestamp>.
Step 4
Use the command line interface (CLI) to find the logs to view: To List the files available for viewing For This Service admin service This service runs the Admin portal For Release 7.0(1) only: node manager managed server file list cuma * file list node_manager * Use This Command file list admin *
Step 5
View a log file: To Download a log file (You must use SFTP) For Release 7.0(1) only: node manager managed server For This Service admin service Use This Command file get admin admin.log where admin.log is one of the files in the list you viewed. file get node_manager node_manager.log where node_manager.log is one of the files in the list you viewed. file get cuma cuma.log where cuma.log is one of the files in the list you viewed.
19-19
Chapter 19 How To Recover From Server Failure
To Tail a log file (View the last few lines of a log file in real time)
For This Service admin service
Use This Command file tail admin admin.log where admin.log is one of the files in the list you viewed.
For Release 7.0(1) only: node manager managed server
file tail node_manager node_manager.log where node_manager.log is one of the files in the list you viewed. file tail cuma cuma.log where cuma.log is one of the files in the list you viewed.
End the tail (Stop viewing the tail)

Step 6
All
Press Control-C.
Search in the log file for exception until you find an exception associated with a keyword that indicates the source of the problem. For example, if the problem is related to Presence, look for an exception with the Cisco Unified Presence server.
How To Recover From Server Failure

Obtaining a Disaster Recovery Disk, page 19-20 Checking and Correcting Disk File System Issues, page 19-20 Reinstalling the Operating System and Cisco Unified Mobility Advantage, page 19-21 Restoring Cisco Unified Mobility Advantage Data From Your Backup, page 19-21 For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage, page 19-22
Obtaining a Disaster Recovery Disk

Obtain a recovery disk from the Software Downloads area on Cisco.com: http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=281001413.
Checking and Correcting Disk File System Issues

Problem The server has failed. Solution Use the Disaster Recovery Disk to check for and automatically correct disk file system issues. Step 1
Insert the Disaster Recovery disk and restart the computer, so it boots from the CD.
19-20
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How To Recover From Server Failure
Enter option [F]|[f] and wait while the process completes. Enter option [M][m] and wait while the process completes. Enter option [V]|[v] and wait while the process completes. Enter [Q]|[q] to quit this recovery disk program.
What To Do Next
If this does not resolve the problem, see Reinstalling the Operating System and Cisco Unified Mobility Advantage, page 19-21.
Reinstalling the Operating System and Cisco Unified Mobility Advantage

Problem The Cisco Unified Mobility Advantage server is completely unrecoverable. No other solution has solved the problem, including using the Disaster Recovery Disk to check for and automatically correct disk file system issues. Solution Prepare the hard drive for a clean installation by wiping out the master boot record and reverting
the BIOS settings to factory defaults.
Caution
This procedure reformats your hard drive. You will lose all the data that is currently on your hard drive. Insert the Disaster Recovery disk and restart the computer, so it boots from the CD. Enter W for Windows preinstallation setup. Enter Yes to continue. Wait for reformatting to complete.
What To Do Next

Reinstall the operating system and Cisco Unified Mobility Advantage. See Chapter 6, Installing Cisco Unified Mobility Advantage After reinstalling, restore from your backup file. See Restoring Cisco Unified Mobility Advantage Data From Your Backup, page 19-21
Restoring Cisco Unified Mobility Advantage Data From Your Backup

Problem The Cisco Unified Mobility Advantage server has failed. Solution Restore from a recent backup:
Before You Begin

An existing backup is required. See Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3. You must restore onto a working server that meets the hardware requirements of your original Cisco Unified Mobility Advantage server.
19-21
Chapter 19 How To Recover From Server Failure
This server must be on the network and accessible using SFTP. The SFTP path must exist prior to the backup.
Step 1
Install on the new server the identical operating system and Cisco Unified Mobility Advantage version as your main Cisco Unified Mobility Advantage server. You must assign this server the same IP address as your original Cisco Unified Mobility Advantage server. Skip the Configuration Wizard and access the Admin Portal instead. Select Disaster Recovery System from the list box at the top right of the page. Select Go. Sign in with the platform credentials you entered while installing Cisco Unified Mobility Advantage. Select Restore > Restore Wizard. Select the Backup Device you named when setting up your backups. Select Next. Select the date and time of the backup file from which you want to restore. Select Next. Select CUMA for Select Features. Select Next. Select the original server name as the server to restore. Select Restore. Wait until the restore status shows Success. Select Cisco Unified OS Administration from the list box at the top right of the window. Sign in to the Cisco Unified OS Administration portal. Choose Settings > Version. Select Restart.
Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Step 19
For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage
If an upgrade from Cisco Unified Mobility Advantage Release 7.x is unsuccessful, you can use the Disaster Recovery Disk to revert to the previously-installed release. If you revert to a previous version of Cisco Unified Mobility Advantage, you will lose any configuration changes that you made using the upgraded software.
Before You Begin
See Obtaining a Disaster Recovery Disk, page 19-20.
Caution
This procedure reformats your hard drive. You will lose all the data that is currently on your hard drive. Insert the Disaster Recovery disk and restart the system, so it boots from the CD.
Step 1
19-22
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage Enabling Remote Account Access for Cisco TAC Personnel
Step 2 Step 3
Enter W for Windows preinstallation setup. Enter Yes to continue. The Disaster Recovery disk formats your hard drive, so you can reinstall Cisco Unified Mobility Advantage.
Step 4 Step 5
Install Cisco Unified Mobility Advantage according to the instructions elsewhere in this guide. Use the Backup and Restore Utility to restore the previously backed-up data to the servers.
Enabling Remote Account Access for Cisco TAC Personnel

Problem Any problem that requires contacting Cisco TAC for support. Solution If you contact Cisco TAC for support, the technician may ask you to enable remote account
access for him or her. Only TAC personnel can use this access, and only if there is an open case. You specify the duration of this access when you enable it.
Before You Begin
You will need the platform administrator sign-in credentials you entered during installation. These are distinct from the Admin Portal sign-in credentials. You should also have the information summarized in Viewing Version and Configuration Information, page 11-2.
Procedure
Use SSH to access the Cisco Unified Mobility Advantage server and sign in as the platform administrator. Run the CLI command utils remote_account enable. Run the CLI command utils remote_account create [account name] [life] where account name is any value and life is the duration of this access in days (1 to 30). Example: utils remote_account rootroot 30. This command creates a remote account with name rootroot for a life of 30 days and generates the passphrase for it.
Step 4
Give the TAC technician the Account name and Passphrase that appear. The technician will use this information to access the server remotely. Only TAC personnel can decrypt the passphrase and access the server.
19-23
Chapter 19 Enabling Remote Account Access for Cisco TAC Personnel
19-24
A P P E N D I X
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage

Revised: May 6, 2009
You must configure an enterprise adapter for each enterprise server with which Cisco Unified Mobility Advantage connects. The values in the following tables are required for these configurations. You should enter your values into these tables before you begin the installation or the upgrade from Release 3.x.

About Active Directory Enterprise Adapter Settings

Cisco Unified Mobility Advantage uses Active Directory for:

User authentication for access to the User Portal and Cisco Unified Mobile Communicator. Directory search for contacts from Cisco Unified Mobile Communicator Number-to-name resolution for caller identification in the call logs in Cisco Unified Mobile Communicator. Locating user information in Microsoft Exchange
Restrictions
At least one Active Directory server is required. Cisco Unified Mobility Advantage can connect to multiple Active Directory servers and to multiple OUs on the same Active Directory server, for example if you need to include users in different OUs. Create an adapter for each server or OU. Cisco Unified Mobility Advantage and Cisco Unified Personal Communicator must point to the same Active Directory server. All users sign in to Cisco Unified Mobile Communicator with their Active Directory passwords. These passwords cannot be longer 14 characters.
A-1
Appendix A About Active Directory Enterprise Adapter Settings
The Active Directory adapter includes the following settings:

Basic Settings, page A-2 Advanced Settings, page A-4 Exchange Lookup, page A-5
Basic Settings
These settings allow Cisco Unified Mobility Advantage to connect to Active Directory. Setting Host Name/ IP address Port Description Hostname or IP address of the corporate directory server. LDAP port of the corporate directory server. Cisco Unified Mobility Advantage uses this port to connect to the corporate directory for adding users to Cisco Unified Mobility Advantage and for user directory listing and searches. Default is 389. Admin DN The distinguished name of the account that Cisco Unified Mobility Advantage uses to read data from your corporate directory server. For example: CN=CUMA Read Only User,CN=Users,DC=department,DC=example,DC=com This account must have at least read-only permissions in your corporate directory server. It must also have a valid Exchange mailbox. Enter the DN in the long format including the container name. Do not use the short form (domain name/User ID). Password Authentication Type Connection Type The password for the Admin DN account. Simple. Type of connection to use between Cisco Unified Mobility Advantage and the corporate directory server. Use SSL for secure connections. Use Plain for nonsecure connections. This should match the connection type that Active Directory requires. Your Value
A-2
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Active Directory Enterprise Adapter Settings
Setting Security Context
Description This setting appears only if you choose SSL for Connection Type. Select a Security Context for connections between Cisco Unified Mobility Advantage and Active Directory. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must validate the identity of the Active Directory server, for example by importing a self-signed certificate from Active Directory into the security context.
Your Value
Polling Period (days) Phone Number Format
Frequency (in days) with which Cisco Unified Mobility Advantage checks the corporate directory server for updates. The default is 1 day. The format you enter here must match the format of the following phone numbers:
For Cisco Unified Communications Manager Release 4.x: Phone numbers in Active Directory in the attribute you specify for the Work Phone field in the Advanced Settings described in the table below. For other releases of Cisco Unified Communications Manager: The primary directory number for each person in Cisco Unified Communications Manager.
Be careful not to include any extra spaces, especially at the beginning or end of your number format. This information is required in order to identify callers by name. By default, Cisco Unified Mobility Advantage formats numbers using the North American Numbering Plan, (###) ###-####, where each # represents a digit. Up to ten digits will be formatted according to this pattern, starting from the right. Therefore:
If a number has 5 digits (for example, 12345), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 1-2345. If a number has 6 digits (for example, 123456), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 12-3456.
If you do not use any punctuation at all, the number format for the same number of digits as the default would be ##########. If you need to change this value after Cisco Unified Mobility Advantage is running, restart Cisco Unified Mobility Advantage after you make this change.
Related Topics
Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage.
A-3
Appendix A About Active Directory Enterprise Adapter Settings
Advanced Settings
Do not change Attribute Name values from the default unless you are certain that a different value is the correct value. Setting
Attribute Names
Description Attribute name in Active Directory that represents the distinguished name of a user. For example: distinguishedName Attribute name in Active Directory that represents the first name of a user. For example: givenName Attribute name in Active Directory that represents the last name of a user. For example: sn Attribute name in Active Directory that represents the corporate name of a user. For example: sAMAccountName Attribute name in Active Directory that uniquely identifies a user. For example: distinguishedName
Distinguished Name
First Name
Last Name
User ID
Key
Home Phone
Attribute name in Active Directory that represents the home phone number of a user. For example: homePhone
Work Phone
Attribute name in Active Directory that represents the unique office phone number of a user. For example: telephoneNumber If you use Cisco Unified Communications Manager Release 4.x, Cisco Unified Mobility Advantage uses this attribute to identify calls for user call logs.
Mobile
Attribute name in Active Directory that represents the mobile phone number of a user. For example: mobile
Email
Attribute name in Active Directory that represents the email address of a user. For example: mail
Search Settings
A-4
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Active Directory Enterprise Adapter Settings
Setting Filter criteria
Description Criteria that distinguish employees from other resources in Active Directory, such as conference rooms that can be invited to meetings. Do not change the default value unless you have a specific reason to do so.
Search Base
This setting does not appear in the Configuration Wizard.
This is the Distinguished Name (DN) of the node in the directory below which Cisco Unified Mobility Advantage will search for users to be activated, and for which contacts can be searched for users. Microsoft retrieves up to 1000 results per search. Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance.
Follow Referral
Determines if Cisco Unified Mobility Advantage follows referrals from the authoritative Active Directory server to cascaded Active Directory servers, for example for subdomains, when searching. The default value is True.
Exchange Lookup
These settings allow Cisco Unified Mobility Advantage to determine which Microsoft Exchange server at your company holds the user information for each user. Cisco Unified Mobility Advantage generally detects these values automatically. If you need to change these values, contact your Active Directory administrator. Setting Contact Adapter Description The name of the attribute within the corporate directory that identifies the logical Exchange server resource name for a user. For example: msExchHomeServerName DNS Host Name The name of the attribute within the corporate directory that identifies the DNS host name of a server machine. For example: dNSHostName Your Value
A-5
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Setting Contact Adapter DN Mask
Description The mask for the Contact Adapter DN value. The format of the DN Mask is: ??,CN=Computer,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage will use the value of the Contact Adapter setting (entered above) in combination with this DN Mask to search for the DNS hostname of a user's Exchange Server. ?? is substituted with the CN=<hostname of the Exchange server>. The following part is used to complete the DN. This complete string is then used to retrieve details about the user's Exchange host. The hostname is retrieved from Active Directory using the Contact Adapter attribute of the user entry. Contact Adapter (msExchHomeServerName). For example, if in Active Directory for user test1, the msExchHomeServerName is "myExchange" and the DN Mask is configured as ??, CN=Computer, DC=myDivision, DC=somecompany, DC=com, then the Cisco Unified Mobility Advantage Enterprise server will lookup the following entry in Active Directory to get details about the Exchange server and use it to store personal contacts of the test1 user: CN=myExchange, CN=Computer, DC=myDivision, DC=somecompany, DC=com
Your Value
Contact Adapter Search Base
The Distinguished Name of the root node that contains your Exchange Server's information in your corporate directory. For example: CN=Computers,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage searches the Exchange Server from this root node. Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance if the directory is very large. Microsoft retrieves up to 1000 results per search.
About Cisco Unified Communications Manager Enterprise Adapter Settings

Server Settings, page A-7 Directory Lookup Settings, page A-8
A-6
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Server Settings
These settings allow Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager in order to:
Retrieve unified call log information to display in Cisco Unified Mobile Communicator. This allows Cisco Unified Mobile Communicator users to view lists of calls to and from their main office phone number.
Support the unified calling features, Dial-via-Office and Mobile Connect (formerly Single Number Reach)
Note
Scroll down in the Admin Portal window to see all required settings.
Setting Address Information
Description
Your Value
Primary Host Name The hostname or IP address of the primary Cisco Unified Communications Manager server that is running the CTI super user account or accounts that you created. Primary Server Port The port used to communicate with the primary Cisco Unified Communications Manager server. The default is 5060. Backup Host Name (Optional) The backup server host name or IP address. Backup Server Port The port used to communicate with the backup Cisco Unified Communications Manager server. CTI User Credentials User Name Enter the super user or super users you configured in Cisco Unified Communications Manager for call log monitoring or Dial via Office. You can add up to four CTI User accounts. Password SIP Information Transport Type Select TLS for secure connections. Select TCP for normal connections. Select UDP for connections without error correction. The default transport type is TCP. This must match the setting in the CUMA Server Security Profile on the Cisco Unified Communications Manager server. Communications Manager Version If Cisco Unified Mobility Advantage is running, stop it before you change this value. Enter the password or passwords associated with the user name or names above.
For Release 7.0(1): SOAP Information For Release 7.0(2): Web Services Information
A-7
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Setting Https Port
Description The SIP port number of the Cisco Unified Communications Manager server. This is often the same secure port that runs the Cisco Unified Communications Manager Administration page. Cisco Unified Communications Manager runs the AXL interface on this port. The default is 8443.
Your Value
User Name Password Security Context This option is available only with Cisco Unified Communications Manager Release 7.0.
Related Topics

The Cisco Unified Communications Manager Application User Name to which you assigned standard AXL API access. The Password for the user in the row above. Select a security context for the Cisco Unified Communications Manager server. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy necessary certificates.
Additional Information
Configuring Standard AXL API Access to Retrieve User Information, page 3-5 Device Pool Requirements, page 3-12 Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Importing Self-Signed Certificates from Trusted Servers, page 9-10 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
Directory Lookup Settings

If you have Cisco Unified Communications Manager Release 5.x through 7.0, you configure these settings in Cisco Unified Communications Manager. If you have Cisco Unified Communications Manager Release 4.x, this tab appears in Cisco Unified Mobility Advantage. This table describes the settings and values required for both situations.
A-8
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Setting Rule Name
Purpose
Description
This setting identifies Enter a descriptive name for this rule. the rule in the list. The name can contain up to 50 alphanumeric characters and can contain any combination of spaces, periods (.), hyphens (-), and underscore characters (_). If you are performing this configuration in Cisco Unified Communications Manager:
For rules to be applied to incoming calls, the Rule Name MUST begin with indir. For example, indir_international. For rules to be applied to outgoing calls, the Rule Name MUST begin with outdir. For example, outdir_internal.
You do not need the indir and outdir prefixes if you are configuring lookup rules in Cisco Unified Mobility Advantage. Rule Description (Configurations in Cisco Unified Communications Manager only) Rule Type (Configurations in Cisco Unified Mobility Advantage only.) Number Begins With This setting describes Enter a description of the rule. the rule.
These settings To apply this rule to calls to the primary desk phone identify the phone number, choose Incoming. numbers to which this To apply this rule to calls dialed from the desk phone rule will apply. or (for Cisco Unified Communications Manager 7.0 only) from the mobile phone using Dial-via-Office, choose Outgoing. Enter the digits at the beginning of the phone number to which this rule will apply. Valid values include numeric digits (0 through 9), plus (+), asterisk (*), and pound (#). Omit formatting such as spaces, dashes, or parentheses.
Number of Digits
Number of digits in phone numbers to which this rule will apply.
A-9
Appendix A About Cisco Unified Presence Enterprise Adapter Settings
Setting Total Digits To Be Removed
Purpose These settings specify the transformation required for the dialed or received phone number to match the number for the correct person in the directory.
Description Enter the number of digits to strip from the beginning of the phone number. You can also leave this setting blank to leave the number as it is. Enter the digits to prepend to the number, whether or not digits are removed.
Prefix With Pattern
You must enter a Valid values include digits (0 through 9), plus (+), value in at least one of asterisk (*), and pound (#), or no value. these settings.
Related Topics
Recommended Directory Lookup Settings, page 3-7
About Cisco Unified Presence Enterprise Adapter Settings

Cisco Unified Presence provides the ability for users to share their availability status. You entered values into these tables while preparing to install or to upgrade from Release 3.x.

Basic Settings, page A-10 Advanced Settings, page A-11
Basic Settings
Setting Description Your Value
Host Name/IP Address Hostname or IP address of the Cisco Unified Presence server to which all Cisco Unified Mobility Advantage users are assigned. Port Port on which Cisco Unified Mobility Advantage will communicate with Cisco Unified Presence. (The port of the SOAP Web Service interface that Cisco Unified Presence listens on to accept user sign-in requests.) The default is 8443. Backup Host Name/ IP Address (Optional) Hostname or IP address of the backup Cisco Unified Presence Server, if you have one.
Application User Name The user ID of the Application User you created in Cisco Unified Presence.
A-10
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Microsoft Exchange Enterprise Adapter Settings
Setting Application Password Security Context
Description Password for this Application User. Select a security context for the Cisco Unified Presence server. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy necessary certificates.
Your Value
Related Topics

Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Importing Self-Signed Certificates from Trusted Servers, page 9-10 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
Advanced Settings
Do not change these values from the defaults unless you have specific reason to do so. Setting SIP Settings Default Subscription Interval Transport Type Default is 3600. Default is TCP. If you configured Cisco Unified Presence to require a TLS connection, you must select TLS here. Listen Port Min Connections Max Connections Max Load Per Connection Default is 5060. Default is 5. Default is 20. Default is 200. Description Your Value
About Microsoft Exchange Enterprise Adapter Settings

Cisco Unified Mobility Advantage uses Exchange for:

Directory Lookup for personal contacts of users Caller identification of people who are in the personal contact of users Triggering meeting notifications in Outlook
A-11
Appendix A About Microsoft Exchange Enterprise Adapter Settings
Triggering availability status changes to In a Meeting based on meetings that appear in the Exchange calendar of each user
Meeting notifications and availability status changes are triggered only for Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express meetings that users schedule using the Outlook Plug-In for their respective conferencing product. At least one Exchange server is required. Cisco Unified Mobility Advantage can connect to multiple Exchange servers. Create an adapter for each. You entered values into these tables while preparing to install or to upgrade from Release 3.x.

Basic Settings, page A-12 Connection Pooling, page A-13
Basic Settings
Setting Description If Microsoft Exchange is clustered, use the hostname associated with the Outlook Web Access (OWA) bridgehead. Transport Type TLS is the secure transport type. Select TLS if Exchange is running SSL. TCP is the nonsecure transport type. Select TCP if Exchange is not running SSL. Port The port used to connect the Cisco Unified Mobility Advantage Server to the Exchange server. This is the Outlook Web Access (OWA) port of the Exchange server. The default port for SSL connections is 443. The default port for non-SSL connections is 80. Exchange Domain The domain for this instance of the Exchange server. For example, CORP. This is the domain that users use when logging into their Windows desktops. Your Value
Hostname/IP Address The hostname or IP address of the Exchange server.
A-12
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Microsoft Exchange Enterprise Adapter Settings
Setting User Name Suffix
Description The suffix that is appended to usernames to complete their corporate email address. Leave this setting blank unless you have a specific reason to change it, for example if you have email addresses with subdomains such as sales.yourcompany.com that resolve to a single domain such as yourcompany.com. If email addresses cannot be determined from Active Directory, obtain this value from your Exchange administrator. This suffix must be a fully qualified DNS domain name. It is often, but not always, yourcompany.com. Do not include the @ character.
Your Value
Polling Period (sec) This setting does not appear in the Configuration Wizard.
Determines how frequently to poll the Exchange server for contact and unified voicemail updates. Default setting is recommended. A short polling period can adversely affect the performance of the Exchange and Cisco Unified Mobility Advantage servers.
Connection Pooling
Cisco Unified Mobility Advantage maintains a pool of connections to Exchange for use as needed, in order to minimize the need to continually reconnect to and disconnect from Exchange. This pool of connections is configured by settings in this tab. You should not need to change these settings from the default. These settings do not appear in the Configuration Wizard. Connection Pooling Max Connections When Exhausted Description Maximum number of concurrent connections between Cisco Unified Mobility Advantage and the Exchange server. When the maximum number of connections is allocated, this determines whether the demand for more connections will grow the pool, or have the requests queued up.

Your Value
Blockthe requests queue up Growthe connection pool grows
Max Wait Time (sec) Max Idle Connections
Maximum allowable wait time (in seconds) before timeout, if Block is selected in the When Exhausted setting. Maximum number of connections that can remain idle at any given time. If the number goes above this, the server starts closing the connections.
A-13
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings
About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings

Cisco Unity and Cisco Unity Connection provide voicemail services to Cisco Unified Mobility Advantage. If you have users on more than one Exchange or voicemail server, create a separate voicemail adapter for each Exchange server or voicemail store. You entered values into these tables while preparing to install or to upgrade from Release 3.x.

Basic Settings, page A-14 Voicemail Settings Tab, page A-16
Basic Settings
Setting IMAP Information Unity Exchange Hostname/IP Address For Cisco Unity: Hostname of the Exchange server. If you have users on more than one Exchange server, create a separate Cisco Unity adapter for each Exchange server. For Cisco Unity Connection: IP address of the Cisco Unity Connection server. If you have users on more than one Cisco Unity Connection server, create a separate adapter for each Cisco Unity Connection server. Port If Transport Type is TCP:

Description
Your Value
For Cisco Unity: Default is 143. For Cisco Unity Connection: Default is 7993 For Cisco Unity: Default is 993 For Cisco Unity Connection: Default is 7993
If Transport Type is TLS:

Polling Period (sec)
The frequency with which Cisco Unified Mobility Advantage checks for new voice messages. The default is every 600 seconds. Very frequent polling may impact performance.
A-14
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings
Setting Transport Type
Description The connection type for connections to the Exchange server (for Cisco Unity) or to the Cisco Unity Connection server. This setting must match the setting on the Exchange or Cisco Unity Connection server. Select TLS for secure connections (SSL on Exchange or TLS on Cisco Unity Connection). Select TCP for nonsecure connections.
Your Value
Security Context
Select a security context if you chose TLS as the Transport Type. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy certificates.
Select Yes if the user ID and password for user account on the Are the Voicemail credentials for the voicemail system is the same as in Active Directory. user the same as the Select No otherwise. corporate credentials? Unity Version If you are using Cisco Unity Release 7.x, enter the following SOAP information.
SOAP Information Information in this section applies only to Cisco Unity Release 7.x. Unity Host Name/ IP Address The host name or IP address of the Cisco Unity server. This may or may not be the same as the Unity Exchange Host Name/IP Address which hosts the voice messages that are retrieved by IMAP, which you entered above. Select TLS for SSL connections. Select TCP for nonsecure connections. This must match the connection type you specify in Cisco Unity. Port Unity Backup Host Name/ IP Address Application User Name The SOAP port. The default port for TLS is 443, and the default for TCP is 80. The host name or IP address of a back up Cisco Unity server if you have one. The Cisco Unity Application user ID. This is the same user ID that you use to sign in to the Cisco Unity Administration page. The Microsoft Exchange or NT domain of the Cisco Unity inbox.
Note
Transport Type
Application Password The Password for the Unity Application User. Domain
This is not the Fully Qualified Domain Name domain.
A-15
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings
Setting Additional Information Security Context
Description Select a security context for the voicemail server. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy necessary certificates.
Your Value
Related Topics

Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Importing Self-Signed Certificates from Trusted Servers, page 9-10 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
Voicemail Settings Tab

Caution
We recommend that you keep the default Unity voicemail settings. Do not change these settings unless recommended to do so by Cisco support.
Setting Phone number search field name Phone number search pattern
Description Field to search the phone number of a caller. Default is Subject. We recommend that you do not change the default value. Regular expression for the search pattern that should be used in the Phone Number Search Field Name field. This information is used to identify callers by matching information from Cisco Unity and Cisco Unified Communications Manager with existing contact information in Exchange and Active Directory. Default is the regular expression [0-9]{4,} We recommend that you do not change the default value.
Your Value
A-16

Cuma 70 Install Admin

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cuma 70 Install Admin

Uploaded by

Copyright:

Available Formats

Installation and Administration Guide for Cisco Unified Mobility Advantage

Release 7.0 Revised Date: October 27, 2009

Preparing to Install or Upgrade Cisco Unified Mobility Advantage

Order of Installation, Upgrade, and Configuration Tasks

Chapter 1 Tasks with Long Lead Times

Preparing to Install or Upgrade Cisco Unified Mobility Advantage

Tasks with Long Lead Times

Cisco Unified Mobility Advantage in the Network

Your network must provide IP connectivity between:

Cisco Adaptive Security Appliance with TLS Proxy MMP/SSL/TLS

Mobile Data Network (GPRS Data Channel)

Active Directory Exchange

Cisco Unified Presence

Cisco Unified Mobile Communicator PSTN

Cisco Unified Mobility Advantage

Conferencing Cisco Unified Communications Manager

Obtaining IP Addresses and DNS Names from IT

Chapter 1 Obtaining IP Addresses and DNS Names from IT

Preparing to Install or Upgrade Cisco Unified Mobility Advantage

Required IP Addresses and Host Names

Opening Firewall Ports

Cisco Unified Mobile Communicator

Firewall Outer firewall

Proxy Client Download Port (HTTP)

Cisco Unified Mobility Advantage

Chapter 1 Your Network and Related Servers Must Be Functioning Properly

Preparing to Install or Upgrade Cisco Unified Mobility Advantage

Configuring Server Setup Network Configuration, page 7-21.

Your Network and Related Servers Must Be Functioning Properly

Preparing Information Required for Installation and Configuration

Step 2 Step 3 Step 4

Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage

Chapter 1 Preparing Information Required for Installation and Configuration

Preparing to Install or Upgrade Cisco Unified Mobility Advantage

Chapter 2 Cisco Adaptive Security Appliance Documentation

Cisco Adaptive Security Appliance Documentation

Find Cisco Adaptive Security Appliance documentation at http://cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html.

About Cisco Adaptive Security Appliance Deployment Options

Cisco Adaptive Security Appliance Installed as a Firewall

Cisco Adaptive Security Appliance Installed as a Firewall

Mobile Data Network (GPRS Data Channel)

Active Directory Exchange

Cisco Unified Presence

MMP/SSL/TLS Hostname: cuma.example.com IP Address: 192.0.2.140 Port: 5443 Voice mail

Cisco Unified Mobile Communicator PSTN

IP Address: Cisco Unified Mobility 10.1.1.1 Advantage

Conferencing Cisco Unified Communications Manager

Cisco Adaptive Security Appliance Installed as a Proxy Server Only

Cisco Adaptive Security Appliance Installed in the DMZ as Proxy Only

Client connects to cuma.example.com (192.0.2.41) Cisco Unified Mobile Communicator

Cisco Adaptive Security Appliance with TLS Proxy

Cisco Unified Communications Manager

Exchange Cisco Unified Presence Enterprise Network

Using the Cisco Adaptive Security Appliance Command-Line Interface

(no password) configure terminal

Specifying NAT Rules

Chapter 2 Specifying NAT Rules

static (inside,outside) tcp interface 9079 172.16.27.41 9080 netmask 255.255.255.255

Setting Static Routes

Allowing Traffic Through to the Cisco Unified Mobility Advantage Server

How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate

Generate a Certificate Signing Request

Submit the Certificate Signing Request to the Certificate Authority